I have received the following information from Sun regarding this issue.
First, Solaris 2.6 is fine in this regard.
Patch       OS      Arch
105051-01   2.5.1   i386
105052-01   2.5.0   sparc
105053-01   2.5.0   intel
102711-02   2.4.0   sparc
102712-02   2.4.0   intel

Patch       OS      Arch
103187-33   2.5     sparc
103188-33   2.5     intel
103612-38   2.5.1   sparc
103613-37   2.5.1   intel
There is no patch for 2.4 as it is related to "nscd".
Actually it is the "nscd client side" that has the problem, so you must make
sure you replace the "/usr/lib/libnsl*" files in the appropriate patch.
On Tue, 27 Jan 1998, Randall S. Winchester wrote:
: A root exploit for ping was published on the net 3 weeks ago (That is 21
: days). It is trivial for anyone with gcc to compile, execute, and exploit
: the published buffer overflow problem.
: You can get a root shell any time, every time, and instantly!
: Does Sun not track these well known sites that publish these exploits?
: The fix is trivial, you just need to limit the length of the "hostname"
: field to MAXHOSTNAMELEN. (If you have source....)
: The possibility for a problem probably exists in Solaris 2.6 as well however
: the exploit needs to be modified for the different libraries.
: So WHERE IS THE PATCH?
: Until then you should *all* "chmod u-s /usr/sbin/ping", as root of course.
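
The fix named in the quoted message (limit the "hostname" field to MAXHOSTNAMELEN), sketched as an added example; it is not part of either message and is not Sun's ping source. The helper name copy_hostname and the fallback value of MAXHOSTNAMELEN are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/param.h>          /* MAXHOSTNAMELEN on many systems */

#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 256      /* assumed fallback if the header lacks it */
#endif

/*
 * Hypothetical helper: copy a user-supplied host argument into a fixed
 * MAXHOSTNAMELEN buffer. Over-long input is rejected rather than silently
 * truncated, so a setuid program never acts on a name the user did not type.
 * Returns 0 on success, -1 on NULL, empty or over-long input.
 */
int copy_hostname(char dst[MAXHOSTNAMELEN], const char *arg)
{
    const char *end;
    size_t len;

    if (dst == NULL)
        return -1;
    dst[0] = '\0';              /* leave a valid empty string on failure */
    if (arg == NULL)
        return -1;

    /* Bounded scan: never look past MAXHOSTNAMELEN bytes of the input. */
    end = memchr(arg, '\0', MAXHOSTNAMELEN);
    if (end == NULL || end == arg)
        return -1;              /* no terminator within the limit, or empty */

    len = (size_t)(end - arg);  /* at most MAXHOSTNAMELEN - 1 */
    memcpy(dst, arg, len);
    dst[len] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char hostname[MAXHOSTNAMELEN];

    if (argc != 2 || copy_hostname(hostname, argv[1]) != 0) {
        fprintf(stderr, "usage: %s host (name shorter than %d bytes)\n",
                argv[0], MAXHOSTNAMELEN);
        return 1;
    }
    printf("accepted host argument: %s\n", hostname);
    return 0;
}
```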