SUNWlldap vulnerability
From: Brent J. Nordquist (b-nordquist@bethel.edu)
Date: 03/18/03
Date: Tue, 18 Mar 2003 11:21:32 -0600 (CST)
From: "Brent J. Nordquist" <b-nordquist@bethel.edu>
To: focus-sun@securityfocus.com
The listing at http://securityfocus.com/bid/7064 says that Solaris x86's
LDAP code is vulnerable when resolving host names that are too long. I
think I'm inferring from the README for patch 108993-13 (Solaris 8 SPARC)
that Solaris SPARC is vulnerable too.
The problem is that 108993-13 requires a minimum pthreads patch level,
which requires a minimum kernel patch level, and both of those require a
reboot. This one will be a pain to deploy.
I haven't seen any discussion on this issue (Bugtraq etc.) so I'm trying
to figure out how serious the vulnerability is. What have other people
decided about installing 108993-13? Has anyone determined which code that
links with LDAP libraries might be vulnerable, and how (local or remote,
root, etc.)?
--
Brent J. Nordquist <b-nordquist@bethel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html