> > I just called local Sun support. They don't know anything about this > hole and they don't accept the 8lgm advisory as problem report as we > cannot prove that the bug exists on *our* SunOS host. Outch! I cannot > believe that nobody else has opened a service call or bug fix request > (or whatever Sun calls this) at Sun Microsystems. They referred me to > patch 100909-03 which fixed a hole in syslogd for SunOS 4.1.3... > > My questions are: > > - Is there an official patch from Sun and what's the patch-ID? not as far as i know > - Has anybody talked to Sun about this problem? yes > - Is Sun working on a patch? yes. Mark Graff is the man you want to speak to - graff@eng.sun.com. He's in charge of sorting the patches out. Mark's told us (8LGM) that Sun have produced exploitation code for this, and are working on a fix. I dont know the status of it, perhaps Mark will reply as I know he watches this list. -- ------------------------------------------+----------------------------------- Mailed using ELM on FreeBSD | Karl Strickland PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk |