Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit

Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit

From: Mike Battersby <mib_at_deakin.edu.au>
Date: Tue, 19 Nov 1996 15:07:50 +1100

Russell Street writes:
> > with patch level 103615-01 and up. Try backing out of that patch and it
> I have a 2.5 machines (SS4, SS10) that is vunerable. It has no patches at

Our 2.5.1 machines don't have that patch installed. They're vulnerable
with:

hosts: dns
or hosts: dns files

in nsswitch.conf, but as soon as you add "nis" in there the exploit program
just sends things into an infinite loop (it appears).

- Mike

--
|   Mike Battersby                        |   mike_at_starbug.bofh.asn.au        |
|   http://www.deakin.edu.au/~mib/        |   mib@deakin.edu.au               |

Received on Nov 19 1996

This message: [ Message body ]
Next message: Oliver Friedrichs: "Serious BIND resolver problem."
Previous message: Russell Street: "Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit"
In reply to: Russell Street: "Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit"
Next in thread: Casper Dik: "Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit"
Reply: Casper Dik: "Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]