| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Feb 2007 22:00:57 +0100 From: Casper.Dik@....COM To: Gadi Evron <ge@...uxbox.org> Cc: Oliver Friedrichs <oliver_friedrichs@...antec.com>, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: Solaris telnet vulnberability - how many on your network? >On Tue, 13 Feb 2007 Casper.Dik@....COM wrote: >> >> >On Tue, 13 Feb 2007 Casper.Dik@....COM wrote: >> >> >> >> > >> >> >Am I missing something? This vulnerability is close to 10 years old. >> >> >It was in one of the first versions of Solaris after Sun moved off of >> >> >the SunOS BSD platform and over to SysV. It has specifically to do w= >> >> >ith >> >> >how arguments are processed via getopt() if I recall correctly. >> >> >> >> You're confused with AIX/Linux >> >> >> >> Solaris did not have the -f option in login until much later. >> > >> >Hi Casper. While we have you here, any idea on when Sun will be patching >> >this issue? >> >> Now, follow the links from http://sunsolve.sun.com/tpatches >> >> Casper >> > >Many thanks Casper! Can you give some more information on exactly what is >patched. Any Sun released advisory? The simplest possible fix on such short notice: http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c?r2=3629&r1=2923 Casper
Powered by blists - more mailing lists