Apologies for the late summary, but I have been trying to avoid admitting publicly that I'm an idiot. :-) I had an anti-spam filter that, among other things, /dev/null-ed e-mail to my sunmanagers mailbox that wasn't from sunmanagers@sunmanagers.org. So, I probably got some replies before I realized this and fixed it, but I never saw them. One of my coworkers did open a case with Sun. Supposedly, Solaris is vulnerable and they are working on a patch. The bugid he gave me is 4708913 (one of the ones I found). Personally, I'm still skeptical since SunSolve says that the bugid is closed. That's all I know. Sorry for the lame summary. -- Mike >>>>> "Mike" == Mike Fuller <sunmanagers@mikeandanna.net> writes: > CERT Advisory CA-2002-19 "Buffer Overflow in Multiple DNS Resolver > Libraries": > http://www.cert.org/advisories/CA-2002-19.html > claims that Solaris is vulnerable; however, I have been unable to > locate an open bugid to track on SunSolve. There are two (4708913 > and 4710816), but both are closed and have no Patch ID associated > with them. The only recent patch of libresolv.so I've seen is: > http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109326&rev=08 > which does not claim to address this bug and predates the > announcement by 3 days. > What's weirder is that I have neither seen mention of it here nor > seen the usual amount of discussion in Bugtraq, so I have no idea if > I'm really vulnerable. So, is Solaris vulnerable? And if so, has > anybody heard what Sun's plans are for a patch? > BTW, I suppose the correct thing to do in this situation is to just > open up a case with Sun, but since this should be of general > interest, I'm asking here. Respond to me and I'll summarize. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Jul 19 02:18:32 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:49 EST