[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] glibc <= 2.1.3 vulnerabilities

Subject: [cobalt-security] glibc <= 2.1.3 vulnerabilities
From: dfdml@xxxxxxxxxxx
Date: Tue, 05 Sep 2000 09:42:16 -0400

Hi,

I just wanted to point out several issues related to glibc security thathas recently been discussed on the bugtraq list however I've yet to see anypatches from cobalt regarding this. They are ultimately local rootvulnerabilities but unless you dont allow cgi scripts its probablyexploitable through those means as well. For more information, please havea look at:


http://marc.theaimsgroup.com/?l=bugtraq&m=96809992028030&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=96809850526216&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=96809981627942&w=2

My best guess is that all cobalt's products are vulnerable; at least thefollowing appear to be:


RAQ1  glibc-2.0.7-7
RAQ2  glibc-2.0.7-10
RAQ3  glibc-2.1.1-6
RAQ4  glibc-2.1.3-15C1
Qube2  glibc-2.0.7-10

Hopefully cobalt will expedite the fixes related to this, allthough basedon past performance I wouldn't hold my breath.


- Dave

Prev by Date: Re: [cobalt-security] URGENT Hacking
Next by Date: Re: [cobalt-security] URGENT Hacking
Previous by thread: RE: [cobalt-security] URGENT Hacking
Next by thread: [cobalt-security] Raq2 pop problem

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index