
S-92-20.asc

Posted Jan 10, 2000

Subject Sun Security Bulletin #00118 Date 17-nov-92

SHA-256 | 6c560b6287473fd0f41fe1319b8b25760ed7ac7444a56a4a573738749c5e25c8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================

===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : Erik-Jan Bos (CERT-NL)          Index   : S-92-20
Distribution  : SURFnet constituency            Page    : 1
Classification: External                        Version : Final
Subject       : Sun Security Bulletin #00118    Date    : 17-nov-92
===============================================================================

CERT-NL has received information from Sun Microsystems regarding the
availability of the following eighteen security patches for SunOS
versions 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3 and Solaris 2.0 (which
contains SunOS 5.0).

The patches are available both through your local Sun Answer Center and
anonymous ftp. The nearby anonymous FTP server containing these patches
is ftp.nic.surfnet.nl [192.87.46.2]. Retrieve the patches from the
netman/cert-nl/sun-fixes directory. The patches are contained in
compressed tar files named [patch].tar.Z. For example, if you wish to
obtain patch 100103-11, the tarfile would be 100103-11.tar.Z. Each
patch has been checksummed using the SunOS "sum" command so its
validity can be verified by the end user. If you find that the checksum
differs from that listed below, please contact Sun Microsystems or
CERT-NL for confirmation before using the patch. To install the patches
on your system, follow the instructions contained in the README files
which accompany each patch. To avoid needless international network
traffic, CERT-NL advises obtaining the patches from the above-mentioned
server and not from the servers mentioned in the Sun-provided text
below.
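
The checksum comparison described above can be scripted. This is an added example, not part of the CERT-NL or Sun text; it assumes the SunOS "sum" output is the BSD 16-bit rotating checksum followed by a count of 1024-byte blocks, and the second sample entry (constructed.tar.Z) is constructed for the demonstration.

```python
import io
import re

# Assumption: SunOS 4.x "sum" is the BSD 16-bit rotating checksum,
# reported together with a count of 1024-byte blocks.
BLOCK = 1024

def bsd_sum(stream):
    """Return (checksum, blocks) for a binary stream, BSD sum style."""
    checksum, size = 0, 0
    while chunk := stream.read(65536):
        size += len(chunk)
        for byte in chunk:
            # Rotate right by one bit within 16 bits, then add the byte.
            checksum = (checksum >> 1) | ((checksum & 1) << 15)
            checksum = (checksum + byte) & 0xFFFF
    return checksum, (size + BLOCK - 1) // BLOCK

# Matches the advisory's two-line layout: the file name, "=", and then
# "<checksum> <blocks>" on the following line.
ENTRY = re.compile(
    r"Checksum of compressed tarfile (\S+) on \S+ =\s*(\d+)\s+(\d+)")

def parse_checksums(advisory_text):
    """Map each tarfile name in the advisory to its (checksum, blocks)."""
    return {name: (int(c), int(b))
            for name, c, b in ENTRY.findall(advisory_text)}

def verify(name, stream, expected):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    if name not in expected:
        return "unlisted"
    return "ok" if bsd_sum(stream) == expected[name] else "mismatch"

# First entry copied from the advisory; the second is constructed so the
# example can run without the real patch files.
SAMPLE = """\
Checksum of compressed tarfile 100103-11.tar.Z on ftp.nic.surfnet.nl =
19847 6
Checksum of compressed tarfile constructed.tar.Z on ftp.example.invalid =
32914 1
"""

if __name__ == "__main__":
    listed = parse_checksums(SAMPLE)
    print(listed)
    print(verify("constructed.tar.Z", io.BytesIO(b"ab"), listed))
    print(verify("constructed.tar.Z", io.BytesIO(b"ac"), listed))
```

A 16-bit checksum of this kind catches transfer corruption only; it gives no assurance against deliberate modification of a patch file.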

- --- Start of Sun provided text

SUN MICROSYSTEMS SECURITY BULLETIN: #00118, 11 November 92

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
- ---------------------------------------------------------------------------

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the /systems/sun/sun-dist directory; in Europe,
ftp to mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.
Note that Sun does not have direct access to mcsun.eu.net and must request
that patches be copied from ftp.uu.net to mcsun.eu.net. Therefore, there
may be a time lag before patches appear on mcsun.eu.net.

Please refer to the BugId and PatchId when requesting patches from Sun
answer centers.

- ----------------------------------------------------------------------------

BULLETIN TOPICS

I. Patches that contain fixes for new bugs. These patches were also
   updated for 4.1.3 compatibility if applicable.
   A. 100103-11 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: script to change file
      permissions to a more secure mode
   B. 100173-09 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: NFS Jumbo Patch
   C. 100201-06 - SunOS 4.1, 4.1.1: C2 Jumbo Patch
   D. 100267-09 - SunOS 4.1.1: international libc replacement with all
      4.1.1 patches
   E. 100305-10 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: lpr, lpd, lpstat
   F. 100377-05 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: sendmail, sendmail.mx
   G. 100507-04 - SunOS 4.1.1, 4.1.2, 4.1.3: tmpfs jumbo patch
   H. 100513-01 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: jumbo tty patch
   I. 100564-05 - SunOS 4.1.2, 4.1.3: C2 Jumbo Patch
   J. 100723-01 - Solaris 2.0FCS/SunOS 5.0, install creates security holes

II. Patches upgraded for SunOS 4.1.3
   A. 100296-04 - SunOS 4.1.1, 4.1.2, 4.1.3: netgroup exports to world
   B. 100482-03 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: ypserv, ypxfrd
   C. 100372-02 - SunOS 4.1.1, 4.1.2, 4.1.3: tfs and c2 do not work together
   D. 100383-05 - SunOS 4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3: rdist security
      enhancement
   E. 100567-04 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: icmp redirects, mfree panic
   F. 100630-01 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: login international,
      su, LD_ environment variables
   G. 100633-01 - SunOS 4.1.1, 4.1.2, 4.1.3: unbundled SunSHIELD ARM 1.0,
      "LD_" environment variables can be used to exploit login/su,
      International version.

==============================================================================

SPECIAL NOTE: Upgraded patches 100173-09, 100507-04, 100513-01, and
100567-04 all require that a new kernel be configured, made, and installed.
All four patches provide significant security enhancements. Note that the
installer need only build a new kernel once, after loading in the object files
(".o" files) from one or more of the mentioned patches.

==============================================================================

PATCHES THAT CONTAIN FIXES FOR NEW BUGS

A. Sun Patch ID: 100103-11, shell script modification of file permissions
to a more secure mode.
Sun Bug IDs: 1046817, 1047044, 1048142, 1054480, 1037153, 1039292, 1042662
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: The script for this patch has been tested on 4.1.3 and also
changes the permissions for two additional files:
/var/yp/`domainname`/mail.aliases.dir and
/var/yp/`domainname`/mail.aliases.pag.

Checksum of compressed tarfile 100103-11.tar.Z on ftp.nic.surfnet.nl =
19847 6


B. Sun Patch ID: 100173-09, NFS Jumbo Patch
Sun Bug IDs: 1039977, 1032959, 1029628, 1037476, 1038302, 1034328,
1045536, 1030884, 1045993, 1047557, 1052330, 1053679, 1041409,
1065361, 1066287, 1064433, 1070654, 1076985, 1095935, 1097593
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugid 1097593
Problem Description:
Bug 1097593 - Accessing NFS mounted files as root causes any application
not to be able to access the same file regardless of the file's
permissions.

Checksum of compressed tarfile 100173-09.tar.Z on ftp.nic.surfnet.nl =
28314 788


C. Sun Patch ID: 100201-06, C2 Jumbo Patch
Sun Bug IDs: 1059261, 1043667, 1040465, 1044204, 1040334, 1047131, 1049585,
1058378, 1063796, 1085851, 1097292
SunOS release: 4.1, 4.1.1 (Please refer to Patch 100564-05 for 4.1.2, 4.1.3)
Synopsis: Bug fixes for 1063796, 1085851, 1097292
Problem Description:
Bug 1063796 - when running C2 with NIS, yppasswd from a client system
would be delayed by 5 minutes.
Bug 1085851 - a dynamically-linked program that is executed by a
setuid program has access to the caller's environment variables if
the setuid program sets the real UID equal to the effective UID and
the real GID equal to the effective GID before the dynamically-linked
program is executed.
Bug 1097292 - rpc.pwdauthd's core image contains plaintext passwords
and passwd.adjunct file.

Checksum of compressed tarfile 100201-06.tar.Z on ftp.nic.surfnet.nl =
13145 164


D. Sun Patch ID: 100267-09, international libc replacement with all 4.1.1
patches
Sun Bug IDs: 1034993, 1045471, 1033812, 1038500, 1050040, 1051619, 1053346,
1053356, 1052398, 1069731, 1069726, 1033104, 1069972, 1061071, 1054748,
1049421, 1070565, 1059039, 1072740, 1088455, 1041424, 1087375, 1053431,
1093261, 1091493
SunOS release: 4.1.1
Synopsis: Bug fixes for 1053431, 1093261, 1091493
Problem Description:
Bug 1053431 - innetgr may acknowledge false netgroup membership.
Bug 1093261 - undefined symbols when linking statically with "mblen()".
Bug 1091493 - mbtowc and mbstowcs give different results for same
character.

Checksum of compressed tarfile 100267-09.tar.Z on ftp.nic.surfnet.nl =
55338 5891


E. Sun Patch ID: 100305-10, passwd, lpd, lpr, delete, system, lpstat -v
Sun Bug IDs: 1016437, 1040453, 1057834, 1058003, 1059620, 1061504,
1063772, 1081850, 1081968, 1090527
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugid 1090527
Problem Description:
Bug 1090527 - lpstat -v only returns the second entry from printer
alias list.

Checksum of compressed tarfile 100305-10.tar.Z on ftp.nic.surfnet.nl =
28781 368


F. Sun Patch ID: 100377-05, sendmail Jumbo Patch
Sun Bug IDs: 1056203, 1030087, 1068637, 1085853, 1041284, 1092073,
1092650, 1093667, 1089670, 1084351
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugids 1093667,
1092650, 1092073, 1089670, 1084351
Problem Description:
Bug 1093667 - Sendmail doesn't generate error mail in error conditions.
Bug 1092650 - Sendmail truncates the header if the header length is
too long.
Bug 1092073 - sendmail loops on mail where name of recipient contains
eight bit character(s).
Bug 1089670 - Sendmail.mx doesn't handle subdomains.
Bug 1084351 - Sendmail gets 550 user unknown during "rcpt to" right
after reboot.

Checksum of compressed tarfile 100377-05.tar.Z on ftp.nic.surfnet.nl =
29141 1076


G. Sun Patch ID: 100507-04, tmpfs jumbo patch
Sun Bug IDs: 1038651, 1091294, 1089447, 1083412
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugid 1083412
Problem Description:
Bug 1083412 - copying files from an nfs mounted partition to a tmpfs
mount can result in security breach.

Checksum of compressed tarfile 100507-04.tar.Z on ftp.nic.surfnet.nl =
57590 61


H. Sun Patch ID: 100513-01, Jumbo tty patch
Sun Bug IDs: 1008324, 1040722, 1048128, 1060689, 1064320, 1069768, 1070495
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: This patch is a consolidation of patches 100225-02, 100194-02,
100397-01, 100188-02 (TIOCCONS), 100358-01, and 100414-01; it also
includes a fix for bugid 1064320. As such this patch supersedes
these previous patches.
Problem Description:
Bug 1064320 - in a 4/110 with ALM-2, null characters are not echoed
with a Hayes Smartmodem1200.
Bug 1008324 - TIOCCONS can be used to re-direct console output/input
away from "console" (for obsolete patch 100188-02).

Checksum of compressed tarfile 100513-01.tar.Z on ftp.nic.surfnet.nl =
20616 480


I. Sun Patch ID: 100564-05, C2 Jumbo Patch
Sun Bug IDs: 1040334, 1043667, 1058378, 1059261, 1063796, 1039587, 1097292
SunOS release: 4.1.2, 4.1.3 (Please refer to Patch 100201-06 for 4.1, 4.1.1)
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugids 1097292 and
1006905
Problem Description:
Bug 1097292 - rpc.pwdauthd's core image contains plaintext passwords
and passwd.adjunct file.
Bug 1006905 - rpc.yppasswdd can sometimes corrupt passwd dbm files

Checksum of compressed tarfile 100564-05.tar.Z on ftp.nic.surfnet.nl =
00115 824


J. Sun Patch ID: 100723-01, Solaris 2.0FCS install
Sun Bug IDs: 1098207
SunOS release: Solaris 2.0FCS/SunOS 5.0
Synopsis: Solaris 2.0FCS/SunOS 5.0 install creates security holes
Problem Description:
Bug 1098207 - Solaris 2.0FCS install procedures leave world-writable
directories, thus opening a path for normal users to gain root
privileges.

Note that this patch contains a README file only. The README file instructs
the installer to run the following command as root after the installation
of Solaris 2.0:

# pkgchk -f

The command above will correct improperly set directory and file attributes
created during the installation process.

Checksum of compressed tarfile 100723-01.tar.Z on ftp.nic.surfnet.nl =
22726 1

==============================================================================

UPGRADED PATCH INFORMATION FOR SUNOS 4.1.3 COMPATIBILITY


A. Sun Patch ID: 100296-04, netgroup exports to world
Sun Bug IDs: 2000680, 1044852, 1048890, 1047410
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3

Checksum of compressed tarfile 100296-04.tar.Z on ftp.nic.surfnet.nl =
42492 40


B. Sun Patch ID: 100482-03, ypserv and ypxfrd security patch
Sun Bug IDs: 1036869, 1039839, 1082319, 1082320, 1080353
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3

Please note that the /var/yp/securenets configuration file that is provided
in this patch does not support blank lines.

Checksum of compressed tarfile 100482-03.tar.Z on ftp.nic.surfnet.nl =
27837 342


C. Sun Patch ID: 100372-02, tfs and c2 do not work together
Sun Bug IDs: 1052574
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.2 and 4.1.3 compatibility

Checksum of compressed tarfile 100372-02.tar.Z on ftp.nic.surfnet.nl =
22739 712


D. Sun Patch ID: 100383-05, rdist security enhancement
Sun Bug IDs: 1069497, 1074961
SunOS release: 4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Checksum of compressed tarfile 100383-05.tar.Z on ftp.nic.surfnet.nl =
52230 135


E. Sun Patch ID: 100567-04
Sun Bug IDs: 1087460, 1093937
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Checksum of compressed tarfile 100567-04.tar.Z on ftp.nic.surfnet.nl =
15728 11


F. Sun Patch ID: 100630-01, login international, su, LD_ environment variables
Sun Bug IDs: 1085851
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Note that this patch contains the international version of /bin/login
that users who are not using the US Encryption Kit need to install.
Patch 100631-01 contains the domestic version of /bin/login. /usr/bin/su
and /usr/5bin/su from this international patch are suitable for
sites that use the US Encryption Kit. Export restrictions prevent
putting patch 100631-01 onto anonymous ftp sites. Please contact
your Sun Answer Center for patch 100631-01.

Checksum of compressed tarfile 100630-01.tar.Z on ftp.nic.surfnet.nl =
28074 39
Checksum of compressed tarfile 100631-01.tar.Z on ftp.nic.surfnet.nl =
44444 25


G. Sun Patch ID: 100633-01, Unbundled SunSHIELD/ARM: login international, su,
LD_ environment variables
Sun Bug IDs: 1085851
SunOS release: 4.1.1, 4.1.2, 4.1.3; Unbundled Product: SunSHIELD, ARM
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Checksum of compressed tarfile 100633-01.tar.Z on ftp.nic.surfnet.nl =
33264 20

===========================================================================

Sun Microsystems acknowledges the Department of Energy's Computer Incident
Advisory Capability (CIAC), especially the efforts of Karyn Pichnarczyk,
for their assistance in and review of patch revision issues pertaining
to SunOS 4.1.3.

Sun Microsystems recommends that all customers concerned with the security
of their SunOS system(s) obtain and install the patches that are applicable
to their computing environment.

- --- End of Sun provided text

CERT-NL wishes to thank Sun Microsystems for their effort in making
this information, together with the patches, available.

==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands

NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6V/DSYjBqwfc9jEQIhIwCg2UKFUPqxEf4BL/SCtbqlIdxsCUcAnAyW
IxL1BhCj+ZNTuKd4e8mGlBB/
=8WmM
-----END PGP SIGNATURE-----