From: Mike Fuller (sunmanagers@mikeandanna.net)
Date: Fri Jul 12 2002 - 11:14:50 EDT
Fellow SunManagers,
CERT Advisory CA-2002-19 "Buffer Overflow in Multiple DNS Resolver
Libraries":
http://www.cert.org/advisories/CA-2002-19.html
claims that Solaris is vulnerable; however, I have been unable to
locate an open bugid to track on SunSolve. There are two (4708913 and
4710816), but both are closed and have no Patch ID associated with
them. The only recent patch of libresolv.so I've seen is:
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109326&rev=08
which does not claim to address this bug and predates the announcement
by 3 days.
What's weirder is that I have neither seen mention of it here nor seen
the usual amount of discussion in Bugtraq, so I have no idea if I'm
really vulnerable. So, is Solaris vulnerable? And if so, has anybody
heard what Sun's plans are for a patch?
BTW, I suppose the correct thing to do in this situation is to just
open up a case with Sun, but since this should be of general interest,
I'm asking here. Respond to me and I'll summarize. Thanks!
-- Mike _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:35 EDT