mailing list archives
From: Ian_MacPhedran () dvinci usask ca (Ian MacPhedran)
Date: Wed, 20 Sep 1995 18:25:14 -0600
On Tue, 19 Sep 1995, Goetz von Escher wrote:
On Sep 19, 4:33pm, Sten Gunterberg wrote:
There's no patch yet, but Sun is apparently working on one. The Bug-IDs
are 1219835 for Solaris 1.x (SunOS 4.x) and 1220257 for Solaris 2.x.
Try to give those to local Sun support and see what happens :-)
Solaris 2.x ??? - I thought this is a BSD problem? Are you telling
me that *all* my Solaris boxes are vulnerable too?
As well as those from other vendors. This is not strictly a Sun problem.
Also local Sun support told me that the patch for Bug 1219835 has been
integrated into SunOS 4.1.4 and there probably won't be a patch for
older versions! Here's the bug info they sent me:
Bug Id: 1219835
Release summary: 4.1.3, 4.1.4, 4.1.3_U1, 4.1
Here's the latest header on that bug report:
Bug Id: 1219835
Release summary: 4.1.3_U1, 4.1.4, 4.1.3, no-v4, 4.1, 5.4, 5.3
Synopsis: Syslog(3) can be abused to gain root access on 4.X systems
Integrated in releases:
Note that there are _NO_ entries for "integrated in releases" nor "patch
But now I'm really getting confused when I read the mail by Andy Cowley
On Sep 19, 4:17pm, andy () btc uwe ac uk wrote:
- Is Sun working on a patch?
patches are available to existing fault call owners. If the problem
is severe for you persuade Sun to send them. They are :-
4.1.3_U1 domestic libc = T101759-04
4.1.3_U1 international libc = T101558-07
4.1.4 domestic libc = T102544-03
4.1.4 international libc = T102545-03
These are betas and Sun will expect testing and a report.
So why would there be a test patch for SunOS 4.1.4 if it was fixed
in that release? I guess one of you guys is wrong.
Your local Sun person was probably wrong. Have them recheck their
information. Note that there is mention of a patch (100909) in bug report
1219835 which is thought to have fixed this which would have been
included in 4.1.3_U1, and 4.1.4. However, it appears that this may not be
Ian MacPhedran, Engineering Computer Centre, 2B13 Engineering Building,
University of Saskatchewan, 57 Campus Drive, Saskatoon SK S7N 5A9, CANADA
Phone: (306)966-4832 Fax: (306)966-5205 Email: Ian_MacPhedran () engr USask CA