RE: Sun Solaris login bug patches out

From: John Nemeth (jnemeth@victoria.tc.ca)
Date: 12/20/01


From: jnemeth@victoria.tc.ca (John Nemeth)
Date: Thu, 20 Dec 2001 04:25:39 -0800
To: "Kain, Becki (B.)" <bkain1@ford.com>, "'focus-sun@securityfocus.com'" <focus-sun@securityfocus.com>

On May 11, 6:11am, "Kain, Becki (B.)" wrote:
}
} Not to sound doomish, but once we've applied these patches, is there
} a test we can do to see if the vulnerability is gone?

     Have you received any answers? I'm actually looking for an
exploit test for another reason. There has been no discussion about
whether machines running SunOS 5.5 or older are vulnerable. However, I
find it highly unlikely that SunOS 5.5 wouldn't be vulnerable when
SunOS 5.5.1 is, since 5.5 does have the /bin/login env var feature.
The lack of official comment makes me think that perhaps 5.5 has
reached EOSL (although, I haven't seen any comments to that effect
either).

}-- End of excerpt from "Kain, Becki (B.)"