[SunRescue] FW: RE: http://www.cert.org/advisories/CA-2000-17.html and Solaris...

JonathanKatzjon at jonworld.com JonathanKatzjon at jonworld.com
Mon Aug 21 14:57:18 CDT 2000

Hey there!

In the CERT release it flat out says:

>> Sun Microsystems, Inc.
>> Our rpc.statd is not vulnerable to this buffer overflow. 

If you read the release you'd see in the 'Overview':

>> "... This program is included, and often installed by default, in 
>> several popular Linux distributions."

This advisory is for Linux's rpc.statd and no-one else's. However, in the
past there have been lots of exploits for many different people's 
rpc.statd. You should always run the latest patches regardless... and if
your box is out on the 'net (like my poor corinne is) turn off as much
as you can. I have inetd running solely for launching tcp-wrappers around
qmail and in.telnetd. 

Take care.

Jonathan Katz
e-mail: jon at jonworld.com 
website: http://jonworld.com
proprietor: http://bachelor-cooking.com
Cell: 317-698-4023 * Pager: 800-759-8888 1770869 * FAX: 530-688-5347

More information about the rescue mailing list