Bugtraq: Clarification needed on the snoop vuln(s)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Clarification needed on the snoop vuln(s)

From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Thu, 9 Dec 1999 11:56:11 -0800


As you all know, we have recently seen two /usr/sbin/snoop overflows.
Posted by both ISS and w00w00. Sun has released patches for the ISS
vulnerability, what I am wondering is, does this also solve the w00w00
problem.

For referance the patches in question are:

Solaris 7       sparc   108482-01
Solaris 7       x86     108483-01
Solaris 5.6     sparc   108492-01
Solaris 5.6     x86     108493-01
Solaris 5.5     sparc   108501-01
Solaris 5.5     x86     108502-01
Solaris 5.4     sparc   108490-01
Solaris 5.4     x86     108491-01
Solaris 5.3     sparc   108489-01

The vulnerabilties in question are:

ISS /usr/sbin/snoop:

http://www.securityfocus.com/bid/864

w00w00 /usr/sbin/snoop overflow:

http://www.securityfocus.com/bid/858

Alfred Huger
VP of Engineering
SecurityFocus.com

By Date By Thread

Current thread:

Re: Big problem on linux 2.0, (continued)
- From the SCO Security Page Alfred Huger (Dec 06)
- w00giving #8] Solaris 2.7's snoop Aleph One (Dec 06)
  - Re: w00giving #8] Solaris 2.7's snoop Shane A. Macaulay (Dec 09)
  - Clarification needed on the snoop vuln(s) Alfred Huger (Dec 09)
- FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Renaud Deraison (Dec 07)
    - FTP DoS - PORT and PASV effected. Darren Reed (Dec 07)
    - Re: FTP DoS - PORT and PASV effected. Henrik Nordstrom (Dec 09)
  - Re: FTP denial of service attack antirez () INVECE ORG (Dec 07)