Re: /bin/login overflow in SunOS 4.x?


From: hostmaster@rite-online.net
Date: Tue, 18 Dec 2001 10:51:32 -0800 (PST)
To: Brian Parent <bparent@calvin.ucsd.edu>

On Mon, 17 Dec 2001, Brian Parent wrote:

> Does anyone know whether SunOS 4.x is vulnerable to the /bin/login
> buffer overflow problem? CERT's CA-2001-34 lists "Solaris 8 and earlier"
> as vulnerable. It's not clear to me whether this includes SunOS 4.x,
> (which at some point was part of Solaris 1.x).

The original advisory was (IIRC) for SVR4 derived /bin/logins;
given that SunOS 4.x predates SVR4, you might be all right.
The best way to find out, though, is to try the exploit.

Even if SunOS 4.x is vulnerable, I don't think Sun will be
providing a patch for it, as 4.x was EOSLed (End Of Support
Life) *years* ago.

As for "Solaris 8 and earlier", it's a pretty safe bet that
that means "Solaris 2.0 and later".

--
Rich Teer                                            .  *   * . * .* .
                                                     .   *   .   .*
President,                                            .  . /\ ( .  . *
Rite Online Inc.                                     . .  / .\   . * .
                                                     *.  / *  \  . .
                                                      . /*   o \     .
Voice: +1 (250) 979-1638                                '''||'''   .
URL: http://www.rite-online.net                     ******************


