[Bush2000]

Here's the CERT link about the Solaris hole. It was posted January 14, 2002. Some people on this thread would like you to believe this stuff doesn't happen in the Unix world and, worse, deny it when it does. Otherwise, they'd have a hard time saying that only MS has security issues...

[Dominic Harr]

Here's the CERT link about the Solaris hole. It was posted January 14, 2002.

The *update* was posted January 14, 2002. A certain MS employee linked to an *update* of an old bug and called it a new exploit, for obvious reasons.

You'll notice the first line there says, The CERT/CC has received credible reports of scanning and exploitation of Solaris systems running the CDE Subprocess Control Service buffer overflow vulnerability identified in CA-2001-31 and discussed in VU#172583.

You click on CA-2001-31 and notice it says This vulnerability was first reported to us in March 1999, and more recently by Internet Security Systems (ISS) X-Force. .

The Clintons would be proud! Ya'll have an MS employee trying to snow you big-time! You should be happy that we rate this kind of effort from MS.

[TechJunkYard]

And here's an advisory from RedHat dated yesterday... you're right -- it happens to everybody.