Bugtraq mailing list archives
Re: SUN almost has a clue! (automountd)
From: Michael_Russell () Brown EDU (Michael Russell)
Date: Tue, 5 Jan 1999 09:10:13 -0500
Vulnerability: Automountd Operating System: SUN Solaris Versions affected: 2.5, 2.5.1, 2.6, 2.7 (X86 and SPARC architectures)
I tested this exploit on several systems and I found the following: 2.5 - not vulnerable with my testing 2.5.1 - vulnerable for patch 104654-03 and below, not vulnerable once 104654-04 or higher applied. 2.6 - not tested 2.7 - not tested Perhaps the forged DNS would have made 2.5.1 104654-04+ vulnerable, but using the suggested test with "/etc/hosts" did not. Has anyone else done any useful testing and/or have any opinions on what to do to thwart this? It appears to me that putting 2.5.1 patch 104654-05 (current) takes care of the problem. Am I missing something? Michael Russell Michael_Russell () Brown EDU Senior Systems Programmer Brown University Providence, RI 02912 USA
Current thread:
- Re: SUN almost has a clue! (automountd) Friedrichs, Oliver (Jan 04)
- Re: SUN almost has a clue! (automountd) Andreas Bogk (Jan 05)
- Re: SUN almost has a clue! (automountd) David LeBlanc (Jan 06)
- <Possible follow-ups>
- Re: SUN almost has a clue! (automountd) Scott (Jan 04)
- Re: SUN almost has a clue! (automountd) Alan Cox (Jan 05)
- Re: SUN almost has a clue! (automountd) Michael Russell (Jan 05)
- Re: SUN almost has a clue! (automountd) der Mouse (Jan 05)
- Re: SUN almost has a clue! (automountd) Friedrichs, Oliver (Jan 05)
- Re: SUN almost has a clue! (automountd) Huger, Alfred (Jan 05)
- Re: SUN almost has a clue! (automountd) Andreas Bogk (Jan 05)