From: Mike Fuller (sunmanagers@mikeandanna.net)
Date: Fri Jul 19 2002 - 02:10:48 EDT
Apologies for the late summary, but I have been trying to avoid
admitting publicly that I'm an idiot. :-) I had an anti-spam filter
that, among other things, /dev/null-ed e-mail to my sunmanagers
mailbox that wasn't from sunmanagers@sunmanagers.org. So, I probably
got some replies before I realized this and fixed it, but I never saw
them.
One of my coworkers did open a case with Sun. Supposedly, Solaris is
vulnerable and they are working on a patch. The bugid he gave me is
4708913 (one of the ones I found). Personally, I'm still skeptical
since SunSolve says that the bugid is closed.
That's all I know. Sorry for the lame summary.
-- Mike >>>>> "Mike" == Mike Fuller <sunmanagers@mikeandanna.net> writes: > CERT Advisory CA-2002-19 "Buffer Overflow in Multiple DNS Resolver > Libraries": > http://www.cert.org/advisories/CA-2002-19.html > claims that Solaris is vulnerable; however, I have been unable to > locate an open bugid to track on SunSolve. There are two (4708913 > and 4710816), but both are closed and have no Patch ID associated > with them. The only recent patch of libresolv.so I've seen is: > http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109326&rev=08 > which does not claim to address this bug and predates the > announcement by 3 days. > What's weirder is that I have neither seen mention of it here nor > seen the usual amount of discussion in Bugtraq, so I have no idea if > I'm really vulnerable. So, is Solaris vulnerable? And if so, has > anybody heard what Sun's plans are for a patch? > BTW, I suppose the correct thing to do in this situation is to just > open up a case with Sun, but since this should be of general > interest, I'm asking here. Respond to me and I'll summarize. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:37 EDT