Bugtraq mailing list archives
Re: Exploit of rpc.cmsd
From: djast () CS TORONTO EDU (Dan Astoorian)
Date: Thu, 15 Jul 1999 13:05:29 -0400
On Wed, 14 Jul 1999 04:28:43 EDT, Casper Dik writes:
The following patches have now been released: 107022-03 CDE 1.3 (Solaris 7/SPARC) 107023-03 CDE 1.3_x86 (Solaris 7/x86) 105567-08 CDE 1.2_x86 (Solaris 2.6) 104976-04 OW 3.5.1 (Solaris 2.5.1)
[...] (What about Solaris 2.4?) Be aware that when these patches[*] are applied, the existing rpc.cmsd process (if one exists) seems to be killed in a *prepatch* script--that is, *before* the programs are updated. This is not just a minor race condition: under at least some circumstances, inetd will respawn rpc.cmsd *immediately* when it dies, syslogging a message like: Jul 15 12:24:20 hostname inetd[150]: /usr/openwin/bin/rpc.cmsd: Child Status Changed ...thus, systems may still be running the old, vulnerable daemon after installing the patch unless the rpc.cmsd process is killed *after* the patch has been installed. I couldn't begin to speculate about why Sun didn't make this a postpatch script rather than a prepatch script. In any case, killing off the rpc.cmsd process after installing the patch will remedy the problem. [*]I've only inspected the SPARC patches for Solaris 2.5.1 and later. -- People shouldn't think that it's better to have Dan Astoorian loved and lost than never loved at all. It's Sysadmin, CS Lab not, it's better to have loved and won. All djast () cs toronto edu the other options really suck. --Dan Redican
Current thread:
- Exploit of rpc.cmsd Bob Todd (Jul 09)
- Re: Exploit of rpc.cmsd Andy Polyakov (Jul 09)
- Re: Exploit of rpc.cmsd Andy Polyakov (Jul 10)
- Re: Exploit of rpc.cmsd Andy Polyakov (Jul 11)
- Re: Exploit of rpc.cmsd John Hall (Jul 12)
- Re: Exploit of rpc.cmsd Aleph One (Jul 13)
- Re: Exploit of rpc.cmsd Casper Dik (Jul 14)
- Re: Exploit of rpc.cmsd Dan Astoorian (Jul 15)
- Re: Exploit of rpc.cmsd Casper Dik (Jul 15)
- Re: Exploit of rpc.cmsd Aleph One (Jul 13)
- <Possible follow-ups>
- Re: Exploit of rpc.cmsd Stephen C Woods (Jul 10)
- Re: Exploit of rpc.cmsd Casper Dik (Jul 14)