>Several exploits for rpc.cmsd seems to be floating around. This
>vulnerability is being actively exploited. The vulnerability
>is known to exist at least in Solaris 7, possibly in earlier
>versions.
>
>Sun patch 107022-02 does not fix the vulnerability. Sun
>has been informed and they are working on a patch. Should be
>fixed in 107022-03.
The following patches have now been released:
107022-03 CDE 1.3 (Solaris 7/SPARC)
107023-03 CDE 1.3_x86 (Solaris 7/x86)
105567-08 CDE 1.2_x86 (Solaris 2.6)
104976-04 OW 3.5.1 (Solaris 2.5.1)
105124-03 OW 3.5.1_x86 (Solaris 2.5.1_x86)
103251-09 OW 3.5 (Solaris 2.5)
103273-07 OW 3.5_x86 (Solaris 2.5_x86)
101513-14 OW 3.3 (Solaris 2.3)
100523-25 OW 3.0 (SunOS 4.1.3/4.1.3C/4.1.3_U1/4.1.4)
Already released was (one week ago):
105566-08 CDE 1.2 (Solaris 2.6/SPARC)
Casper
