[SunRescue] FW: RE: http://www.cert.org/advisories/CA-2000-17.html and Solaris...
Jonathan Katz
jon at jonworld.com
Mon Aug 21 14:57:18 CDT 2000
Hey there!
In the CERT release it flat out says:
>> Sun Microsystems, Inc.
>>
>> Our rpc.statd is not vulnerable to this buffer overflow.
If you read the release you'd see in the 'Overview':
>> "... This program is included, and often installed by default, in
>> several popular Linux distributions."
This advisory is for Linux's rpc.statd and no-one else's. However, in the
past there have been lots of exploits for many different people's
rpc.statd. You should always run the latest patches regardless... and if
your box is out on the 'net (like my poor corinne is) turn off as much
as you can. I have inetd running solely for launching tcp-wrappers around
qmail and in.telnetd.
Take care.
-Jon
--
Jonathan Katz
e-mail: jon at jonworld.com
website: http://jonworld.com
proprietor: http://bachelor-cooking.com
Cell: 317-698-4023 * Pager: 800-759-8888 1770869 * FAX: 530-688-5347
More information about the rescue
mailing list