mailing list archives
Re: Solaris 2.5.1 patch not effective?
From: rap () UCLINK BERKELEY EDU (Richard Peters)
Date: Thu, 11 Jun 1998 16:51:19 -0700
At 4:28 PM -0500 6/11/98, Steve Siirila wrote:
I can confirm that the patch 104490-05 is indeed ineffective against at least
one root compromise bug. We experienced such a compromise recently even with
the latest security patches (including 104490-05) installed.
We decided to simply make ufsdump/ufsrestore non-setuid, non-setgid as they
are never run by non-root users at our site anyways.
We also have evidence patch 104490-05 does not fully address the problem.
In a e-mail responce we received from Sun on May 23 in regards to our
security concerns about ufsrestore at current patch level, they stated they
were working on patches for ufsrestore.
University of California at Berkeley