Bugtraq mailing list archives

Re: Exploit of rpc.cmsd

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 15 Jul 1999 23:58:04 +0200

(What about Solaris 2.4?)


Both CDE 1.0.1/1.0.2  (which have seperate rpc.cmsd binaries; these
were merged in later releases) and Solaris 2.4 patches will be released
at a later date.

Be aware that when these patches[*] are applied, the existing rpc.cmsd
process (if one exists) seems to be killed in a *prepatch* script--that
is, *before* the programs are updated.


Thanks for noticing this; I've notified the persons responsible for
this patch; it will be addressed in a future release.

I couldn't begin to speculate about why Sun didn't make this a postpatch
script rather than a prepatch script.


Neither could I; it's a mistake.

Casper

Current thread:

Exploit of rpc.cmsd Bob Todd (Jul 09)
- Re: Exploit of rpc.cmsd Andy Polyakov (Jul 09)
- Re: Exploit of rpc.cmsd Andy Polyakov (Jul 10)
- Re: Exploit of rpc.cmsd Andy Polyakov (Jul 11)
- Re: Exploit of rpc.cmsd John Hall (Jul 12)
  - Re: Exploit of rpc.cmsd Aleph One (Jul 13)
    - Re: Exploit of rpc.cmsd Casper Dik (Jul 14)
    - Re: Exploit of rpc.cmsd Dan Astoorian (Jul 15)
    - Re: Exploit of rpc.cmsd Casper Dik (Jul 15)
- Re: Exploit of rpc.cmsd John Hall (Jul 12)
- <Possible follow-ups>
- Re: Exploit of rpc.cmsd Stephen C Woods (Jul 10)
- Re: Exploit of rpc.cmsd Casper Dik (Jul 14)