Re: Looking for Info

From: Pete Rotheroe (protheroe@paladintek.com)
Date: 07/29/02


Date: Mon, 29 Jul 2002 13:42:47 -0500
From: Pete Rotheroe <protheroe@paladintek.com>
To: Rovert John F DLVA <RovertJF@nswc.navy.mil>

John,

There is a known buffer overflow in Solaris (pre 8) which would affect 2.6.

See advisory 12/12/01

CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login

for more details.

Supposedly this vulnerability provides remote root access when correctly
exploited.

I believe Sun provided patches for this issue shortly after the advisory
was issued.

Pete Rotheroe
Paladin Technologies, Inc.

Rovert John F DLVA wrote:

>Greetings
>
> I have, what I hope is a simple question.
>
> We are running PVCS Dimensions 6.0 SP2
> from Merant.
>
> I am currently embroiled in a rather heated
> discussion with management about possible
> user threats to the above package.
>
> Does anyone have any experience pen-testing
> this, or know of any attacks that may
> allow root access to the underlying system?
>
> The above is on a Sun Ultra Enterprise
> running Solaris 5.6
>
> Thanks in advance for any information
>
>John F. Rovert
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>

