home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!utcsri!dgp.toronto.edu!flaps
- Newsgroups: alt.security
- From: flaps@dgp.toronto.edu (Alan J Rosenthal)
- Subject: Re: CERT ADVISORY - Multiple SunOS Vulnerabilities
- Message-ID: <1992Jul23.113003.24332@jarvis.csri.toronto.edu>
- References: <9207211919.AA20501@tictac.cert.org> <1992Jul22.154650.9967@jarvis.csri.toronto.edu> <Brtn3n.1FE@ux1.cso.uiuc.edu>
- Date: 23 Jul 92 15:30:03 GMT
- Lines: 22
-
- lemson@ux1.cso.uiuc.edu (David Lemson) writes:
- >We called Sun today and they said that this Jumbo patch supersedes
- >the old Jumbo patch, even though the readme file doesn't say that.
- >They said to install it even if you have done the old Jumbo patch.
-
- Ok, but I'm still wondering how important the patch is. The CERT advisory said
- something fairly nasty, like "everyone can become root". Does this apply to
- the *differences* between the new patch and the old patch? Like, if a site I
- know (which for obvious reasons shall remain nameless, but it isn't at dgp) has
- installed the old jumbo patch but doesn't install the new one, can "everyone
- become root" or whatever the advisory said?
-
- Someone else was wondering why I would care about the difference between
- closing existing connections and denying new ones. The answer is that I take
- the closing-existing-connections problem more seriously (and it's sort of
- almost nearly a superset of the other problem anyway). If my telnet connection
- to a machine of ours suddenly closes, I'd reconnect and if it connected ok I'd
- think little of it, which would be bad. However, if I got a connection denied,
- I'd go out of my office across the lab and login on the console and see what
- was up and remember the CERT advisory. So I think of the ability to close
- existing connections as more insidious because it's more subtle. I know that
- this isn't exactly really true, but in a practical way it might be.
-