Re: Exploit of rpc.cmsd

1999-07-16 Thread Casper Dik
>(What about Solaris 2.4?) Both CDE 1.0.1/1.0.2 (which have separate rpc.cmsd binaries; these were merged in later releases) and Solaris 2.4 patches will be released at a later date. >Be aware that when these patches[*] are applied, the existing rpc.cmsd >process (if one exists) seems to be kil

Re: Exploit of rpc.cmsd

1999-07-16 Thread Dan Astoorian
On Wed, 14 Jul 1999 04:28:43 EDT, Casper Dik writes: > > The following patches have now been released: > > 107022-03 CDE 1.3 (Solaris 7/SPARC) > 107023-03 CDE 1.3_x86 (Solaris 7/x86) > > 105567-08 CDE 1.2_x86 (Solaris 2.6) > 104976-04 OW 3.5.

Re: Exploit of rpc.cmsd

1999-07-15 Thread Casper Dik
Many people told me that they couldn't find the patches. Not even the one that was supposed to have been released a week ago. >>The following patches have now been released: >> >> 107022-03 CDE 1.3 (Solaris 7/SPARC) These patches should show up on SunSolve shortly; (Ok, so I should h

Re: Exploit of rpc.cmsd

1999-07-14 Thread Casper Dik
>Several exploits for rpc.cmsd seem to be floating around. This >vulnerability is being actively exploited. The vulnerability >is known to exist at least in Solaris 7, possibly in earlier >versions. > >Sun patch 107022-02 does not fix the vulnerability. Sun >has been informed and they are working

Re: Exploit of rpc.cmsd

1999-07-13 Thread Aleph One
Several exploits for rpc.cmsd seem to be floating around. This vulnerability is being actively exploited. The vulnerability is known to exist at least in Solaris 7, possibly in earlier versions. Sun patch 107022-02 does not fix the vulnerability. Sun has been informed and they are working on a p

Re: Exploit of rpc.cmsd

1999-07-13 Thread John Hall
AIL PROTECTED]> > Sent: Monday, July 12, 1999 4:02 PM > Subject: Re: Exploit of rpc.cmsd > > > > > I had both a Solaris V2.5.1 (fully patched as of March 20) and a > > Solaris V2.7 (fully patched as of April 10) broken into. Both had > > CDE and were running rpc.

Re: Exploit of rpc.cmsd

1999-07-13 Thread John Hall
I had both a Solaris V2.5.1 (fully patched as of March 20) and a Solaris V2.7 (fully patched as of April 10) broken into. Both had CDE and were running rpc.cmsd. I know the breakin was either due to rpc.cmsd or rpc.rstatd. Note the breakin occurred using high numbered ports. In any case, I have

Re: Exploit of rpc.cmsd

1999-07-12 Thread Andy Polyakov
Hi, everybody! > > The calendar manager (rpc.cmsd) on Solaris 2.5 and 2.5.1 is vulnerable > > to a buffer overflow > > attack... > Can you confirm that compromised system(s) were equipped with CDE? Or in > other words was it /usr/dt/bin/rpc.cmsd that was assigned to do the job > in /etc/inetd.con

Re: Exploit of rpc.cmsd

1999-07-12 Thread Andy Polyakov
> Hi, everybody! > > > > The calendar manager (rpc.cmsd) on Solaris 2.5 and 2.5.1 is vulnerable > > > to a buffer overflow > > > attack... > ... Shall we have a look? Let's 'cm_lookup -c > [EMAIL PROTECTED]' and simultaneously 'truss -p on > 2.6.host: > > ... > statvfs("/var/spool/calendar/callog

Re: Exploit of rpc.cmsd

1999-07-12 Thread Stephen C Woods
105566-06 was installed on our machine that was hit. When I reported it to Sun I received e-mail that they are working on a fresh fix, and it'll be available 'soon'. Perhaps this time they'll fix all the buffer overflows. Luckily the twerp that went after my machine was a clueless twit and didn'

Re: Exploit of rpc.cmsd

1999-07-09 Thread Andy Polyakov
Bob! > The calendar manager (rpc.cmsd) on Solaris 2.5 and 2.5.1 is vulnerable > to a buffer overflow > attack... > ... we have seen the > intruder delete administrator > logs, change homepages, and insert backdoors. The attack signature is > similar to the tooltalk attack. Can you confirm that c

Exploit of rpc.cmsd

1999-07-09 Thread Bob Todd
The calendar manager (rpc.cmsd) on Solaris 2.5 and 2.5.1 is vulnerable to a buffer overflow attack. Further, it appears that even patched versions may be vulnerable. Also, rpc.cmsd under Solaris 2.6 could also be problematic. Where possible, it should be disabled in inetd.conf. The exploit allo