[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-sun
Subject:    Re: /bin/login overflow in SunOS 4.x?
From:       Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail ! gov ! bc ! ca>
Date:       2001-12-18 22:05:54
[Download RAW message or body]

In message <20011217153202.K17878@calvin.ucsd.edu>, Brian Parent writes:
> Does anyone know whether SunOS 4.x is vulnerable to the /bin/login 
> buffer overflow problem?  CERT's CA-2001-34 lists "Solaris 8 and earlier"
> as vulnerable.  It's not clear to me whether this includes SunOS 4.x,
> (which at some point was part of Solaris 1.x).  

It shouldn't be vulnerable.  the SunOS 4.x login(1) is based on Berkeley 
code which is not vulnerable to the exploit.  The Solaris login(1) is 
based on AT&T SVR4 code which is vulnerable.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
                    FreeBSD UNIX:  cy@FreeBSD.org



[prev in list] [next in list] [prev in thread] [next in thread]