>On Tue, 13 Feb 2007 Casper.Dik@xxxxxxx wrote: >> >> >On Tue, 13 Feb 2007 Casper.Dik@xxxxxxx wrote: >> >> >> >> > >> >> >Am I missing something? This vulnerability is close to 10 years old. >> >> >It was in one of the first versions of Solaris after Sun moved off of >> >> >the SunOS BSD platform and over to SysV. It has specifically to do w= >> >> >ith >> >> >how arguments are processed via getopt() if I recall correctly. >> >> >> >> You're confused with AIX/Linux >> >> >> >> Solaris did not have the -f option in login until much later. >> > >> >Hi Casper. While we have you here, any idea on when Sun will be patching >> >this issue? >> >> Now, follow the links from http://sunsolve.sun.com/tpatches >> >> Casper >> > >Many thanks Casper! Can you give some more information on exactly what is >patched. Any Sun released advisory? The simplest possible fix on such short notice: http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c?r2=3629&r1=2923 Casper
