In-Reply-To: <[EMAIL PROTECTED]>
Well, the release notes for the service packs does mention the
vulnerability you're talking about.
6.0 SP 3:
http://docs.iplanet.com/docs/manuals/enterprise/60sp3/rn60sp3.html
4.1 SP 10:
http://docs.iplanet.com/docs/manuals/enterprise/41/rn41sp10.html
Download page:
http://wwws.sun.com/software/download/inter_ecom.html#webs
Cheers
/Hubbel Yo
>I originally wrote to Sun about this on May 22 2002 and
>was advised that it would be fixed in the next Service
>Pack. David Litchfield says that 6.0 SP3/4.1 SP10 is
>out, but I don't yet see it on their Product Tracker
>site. I was going to wait to release this information
>until I had the Service Pack, feeling secure with my
>Snort sig but decided to go ahead since it pales in
>comparison to David's buffer overflow advisory.