Re: [unisog] CERT® Advisory CA-2001-34 Buffer Overflow in System V Derived Login

greg gaustad gaustad at eng.utoledo.edu
Fri Dec 14 14:17:40 GMT 2001


At least for those on support, Sun will supply via email
temporary "use at your own risk" patches until fully
tested patches are available next week.
Refer to the CERT advisory and login buffer overflow.
They came all in one tarball:
	T105665-04
	T106160-02
	T111085-02
	T111085-02
	T112300-01
-----------------------------------------------------------------
>Mailing-List: contact unisog-help at sans.org; run by ezmlm
>X-No-Archive: yes
>List-ID: unisog
>List-Post: <mailto:unisog at sans.org>
>List-Help: <mailto:unisog-help at sans.org>
>List-Unsubscribe: <mailto:unisog-unsubscribe at sans.org>
>List-Subscribe: <mailto:unisog-subscribe at sans.org>
>List-Digest-Subscribe: <mailto:unisog-digest-subscribe at sans.org>
>List-Digest-Unsubscribe: <mailto:unisog-digest-unsubscribe at sans.org>
>Delivered-To: mailing list unisog at sans.org
>Delivered-To: moderator for unisog at sans.org
>Date: Thu, 13 Dec 2001 23:11:30 -0800
>From: Michael Sanderson <sanders at cs.ubc.ca>
>X-Accept-Language: en
>MIME-Version: 1.0
>To: unisog at sans.org
>Content-Transfer-Encoding: 8bit
>Subject: Re: [unisog] CERT® Advisory CA-2001-34 Buffer  Overflow in System V 
Derived Login
>
>Alan Vidmar wrote:
>> 
>> CERT® Advisory CA-2001-34 Buffer Overflow in System V Derived Login:
>> Original release date: December 12, 2001
>
>> Sun Solaris 8 and earlier
>> 
>Sun doesn't appear to have public patches yet.  Does anyone know if the
>noexec_user_stack setting in Solaris will thwart the current exploit?
>
>    Michael Sanderson

Greg Gaustad
Engineering College Computing
Voice:	419-530-8023
email:	gaustad at eng.utoledo.edu
Office:	NI 1010



More information about the unisog mailing list