The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #365 [Yellow Pages Bug] (1 message, 415 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/365.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Jon Rochlis <jon@ATHENA.MIT.EDU>
To: phage
Date: Sun 21:03:38 15/01/1989 EST
Subject: Yellow Pages Bug
References: [Thread Prev: 364] [Thread Next: 366] [Message Prev: 364] [Message Next: 366]


   Does this apply if the contents of the RPC replys are expected to
   be encrypted? As I understand it SunOS 4.0 provides for encrypted RPC
   packet data.

*If* Sun did it right and you enable it, then an encrypted RPC should
protect against this kind of attack.  But that still leaves all the
3.X Sun systems out there ...

			-- Jon

END OF DOCUMENT