
c-29.ciac-sunos-patch-summary

Posted Sep 23, 1999

SHA-256 | c43b06ffa581dc580ad1ddfda946c2ab34779c4f7bc75ef3bbdd206a2d5a3eb6

_______________________________________________________
The Computer Incident Advisory Capability
_______________________________________________________
Information Bulletin

Summary of SunOS Security Patches

July 31, 1992 1400 PDT Number C-29

CIAC has compiled a list of all security related patches currently
available from Sun Microsystems. The patches have been grouped by
SunOS version and are detailed below. CIAC recommends the
installation of any applicable patches that either are not currently
present on your system or are present in the form of an older version
of the patch.

The patches are available both through your local Sun Answer Center
and anonymous ftp. In the U.S., ftp to ftp.uu.net and retrieve the
patches from the directory ~ftp/systems/sun/sun-dist. In Europe, ftp
to mcsun.eu.net and retrieve the patches from the ~ftp/sun/fixes
directory. The patches are contained in compressed tarfiles with
filenames based on the ID number of the patch (e.g. patch 100085-03 is
contained in the file 100085-03.tar.Z), and must be retrieved using
ftp's binary transfer mode.

After obtaining the patches, compute the checksum of each compressed
tarfile and compare with the values indicated below. For example, the
command "sum 100085-03.tar.Z" should produce the value 44177 740.
Please note that Sun Microsystems occasionally updates patch files,
resulting in a changed checksum. If you should find a checksum that
differs from those listed below, please contact Sun Microsystems or
CIAC for verification before using the patch.

Finally, the patches must be extracted from the compressed tarfiles
using the commands uncompress and tar (e.g. to extract patch
100085-03, execute the commands "uncompress 100085-03.tar.Z" and
"tar -xvf 100085-03.tar").
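
The check-then-extract procedure above can be scripted so that a tarfile is never unpacked on a checksum mismatch. The following is an added example, not part of the CIAC bulletin; the function names are hypothetical, and it assumes the local sum command uses the same BSD-style algorithm and block size as the SunOS sum that produced the listed values.

```shell
#!/bin/sh
# Added example (not from the bulletin): check patch tarfiles against the
# bulletin's Checksum column before unpacking. Function names are hypothetical.

# patch_sum FILE: print "<checksum> <blocks>" from sum(1), leading zeros removed.
patch_sum() {
    sum < "$1" | awk '{ printf "%d %d\n", $1, $2 }'
}

# verify_patch FILE CHECKSUM BLOCKS: 0 = match, 1 = mismatch, 2 = unreadable.
verify_patch() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    got=$(patch_sum "$f") || return 2
    # Normalise the listed value the same way, so "06627 33" equals "6627 33".
    want=$(printf '%s %s\n' "$2" "$3" | awk '{ printf "%d %d\n", $1, $2 }')
    [ "$got" = "$want" ] && return 0
    echo "MISMATCH $f: computed '$got', bulletin lists '$want'" >&2
    return 1
}

# verify_list DIR: read "PATCH-ID CHECKSUM BLOCKS" rows on stdin, check
# DIR/PATCH-ID.tar.Z for each row, return the number of rows that failed.
verify_list() {
    dir=$1
    bad=0
    while read -r id want_sum want_blocks; do
        [ -n "$id" ] || continue
        verify_patch "$dir/$id.tar.Z" "$want_sum" "$want_blocks" || bad=$((bad + 1))
    done
    return "$bad"
}

# extract_verified FILE CHECKSUM BLOCKS: unpack only when the checksum matches,
# using the bulletin's own uncompress and tar commands.
extract_verified() {
    verify_patch "$1" "$2" "$3" || return $?
    uncompress "$1" && tar -xvf "${1%.Z}"
}

# Usage with a row from the SunOS 4.0.1 table:
#   extract_verified 100085-03.tar.Z 44177 740
```

A missing file counts as a failure in verify_list, so a non-zero return means at least one listed patch is absent or does not match the bulletin.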

As multiple patches may affect the same files, it is recommended that
patches be installed chronologically by revision date, with the
exception of patches for which an explicit order is specified. To
install a patch on your system, follow the instructions contained
in the README file which accompanies the patch.


SunOS 4.0.1 and 4.0.2
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100085-03  5-Sep-90      44177 740   selection_svc and rpc can be used to
                                     view system files without login
                                     permission

SunOS 4.0.2i
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100108-01  22-Aug-90     50309 146   sendmail can be coaxed into writing a
                                     file not owned by the sender

SunOS 4.0.3 and 4.0.3c
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100224-02  15-Jan-90     39010 223   mail and rmail can invoke root and
                                     uucp shells
100100-01  30-Jul-90     43821 588   sendmail permits users to run programs
                                     with root's group privileges
100101-02  7-Aug-90      42872 34    ptrace security hole
100085-03  5-Sep-90      44177 740   selection_svc and rpc can be used to
                                     view system files without login
                                     permission
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 sv_xv_sel_svc and rpc
                                     permit access to system files
100125-05  8-Jul-91      41964 164   telnet permits password capture
100383-04  5-Feb-92      42306 113   rdist can be forced to create setuid
                                     root programs

SunOS 4.1
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100224-02  15-Jan-90     39010 223   mail and rmail can invoke root and
                                     uucp shells
100101-02  7-Aug-90      42872 34    ptrace security hole
100085-03  5-Sep-90      44177 740   selection_svc and rpc can be used to
                                     view system files without login
                                     permission
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 sv_xv_sel_svc and rpc
                                     permit access to system files
100187-01  15-Dec-90     27724 139   Console input and output can be
                                     redirected
100251-01  25-Mar-91     44264 32    expreserve race condition
100121-08  1-Apr-91      61464 287   NFS jumbo patch
100201-04  3-Jul-91      24358 169   C2 jumbo patch
100125-05  8-Jul-91      41964 164   telnet permits password capture
100103-10  30-Sep-91     26292 7     Many files distributed with incorrect
                                     permissions
100296-02  16-Oct-91     30606 23    rpc.mountd exports filesystems
                                     incorrectly
100383-04  5-Feb-92      42306 113   rdist can be forced to create setuid
                                     root programs
100305-07  3-Mar-92      25894 283   The lp daemon can delete system files
100173-08  7-May-92      32716 562   NFS jumbo patch
100377-04  14-May-92     14692 311   sendmail security holes
100630-01  18-May-92     36269 39    Environment variables can be used to
                                     exploit login and su
100482-02  20-May-92     53416 284   ypserv and ypxfrd will send NIS maps
                                     to anyone
100567-02  13-Jul-92     23118 13    ICMP redirect messages can be used to
                                     make a host drop network connections
100376-04  16-Jul-92     12884 100   Integer division on Sparc can allow
                                     root access

SunOS 4.1_PSR_A
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100224-02  15-Jan-90     39010 223   mail and rmail can invoke root and
                                     uucp shells
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 sv_xv_sel_svc and rpc
                                     permit access to system files
100187-01  15-Dec-90     27724 139   Console input and output can be
                                     redirected
100201-04  3-Jul-91      24358 169   C2 jumbo patch
100296-02  16-Oct-91     30606 23    rpc.mountd exports filesystems
                                     incorrectly
100383-04  5-Feb-92      42306 113   rdist can be forced to create setuid
                                     root programs
100305-07  3-Mar-92      25894 283   The lp daemon can delete system files
100377-04  14-May-92     14692 311   sendmail security holes
100630-01  18-May-92     36269 39    Environment variables can be used to
                                     exploit login and su

SunOS 4.1.1
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100224-02  15-Jan-90     39010 223   mail and rmail can invoke root and
                                     uucp shells
100085-03  5-Sep-90      44177 740   selection_svc and rpc can be used to
                                     view system files without login
                                     permission
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 sv_xv_sel_svc and rpc
                                     permit access to system files
100251-01  25-Mar-91     44264 32    expreserve race condition
100201-04  3-Jul-91      24358 169   C2 jumbo patch
100125-05  8-Jul-91      41964 164   telnet permits password capture
100296-02  16-Oct-91     30606 23    rpc.mountd exports filesystems
                                     incorrectly
100103-10  30-Sep-91     26292 7     Many files distributed with incorrect
                                     permissions
100424-01  12-Nov-91     63070 50    NFS with fsirand file handle guessing
                                     problems
                                     Note: should only be applied with
                                     patch 100173-08
                                     Note: incompatible with Online:
                                     DiskSuite and Backup: Copilot
100448-01  10-Dec-91     02672 5     OpenWindows 3.0 loadmodule security hole
100387-02  3-Feb-92      07868 4400  C2 bug fixes and enhancements, Basic
                                     Security Module
                                     Note: incompatible with patch 100201-04
100383-04  5-Feb-92      42306 113   rdist can be forced to create setuid
                                     root programs
100478-01  14-Feb-92     64588 58    OpenWindows 3.0 xlock can crash,
                                     leaving system open
100188-02  28-Feb-92     52332 132   TIOCCONS and pty security holes
100305-07  3-Mar-92      25894 283   The lp daemon can delete system files
100173-08  7-May-92      32716 562   NFS jumbo patch
                                     Note: incompatible with Online:
                                     DiskSuite and Backup: Copilot
100377-04  14-May-92     14692 311   sendmail security holes
100630-01  18-May-92     36269 39    Environment variables can be used to
                                     exploit login and su
100482-02  20-May-92     53416 284   ypserv and ypxfrd will send NIS maps
                                     to anyone
100633-01  22-May-92     43774 20    Environment variables can be used to
                                     exploit login and su when using Sun's
                                     ARM product
100567-02  13-Jul-92     23118 13    ICMP redirect messages can be used to
                                     make a host drop network connections
100376-04  16-Jul-92     12884 100   Integer division on Sparc can allow
                                     root access

SunOS 4.1.2
Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 sv_xv_sel_svc and rpc
                                     permit access to system files
100296-02  16-Oct-91     30606 23    rpc.mountd exports filesystems
                                     incorrectly
100448-01  10-Dec-91     02672 5     OpenWindows 3.0 loadmodule security hole
100383-04  5-Feb-92      42306 113   rdist can be forced to create setuid
                                     root programs
100478-01  14-Feb-92     64588 58    OpenWindows 3.0 xlock can crash,
                                     leaving system open
100188-02  28-Feb-92     52332 132   TIOCCONS and pty security holes
100564-01  1-Apr-92      29774 415   C2 jumbo patch
100305-07  3-Mar-92      25894 283   The lp daemon can delete system files
100173-08  7-May-92      32716 562   NFS jumbo patch
100377-04  14-May-92     14692 311   sendmail security holes
100630-01  18-May-92     36269 39    Environment variables can be used to
                                     exploit login and su
100482-02  20-May-92     53416 284   ypserv and ypxfrd will send NIS maps
                                     to anyone
100633-01  22-May-92     43774 20    Environment variables can be used to
                                     exploit login and su when using Sun's
                                     ARM product
100567-02  13-Jul-92     23118 13    ICMP redirect messages can be used to
                                     make a host drop network connections
100376-04  16-Jul-92     12884 100   Integer division on Sparc can allow
                                     root access
                                     Note: sun4m architectures require
                                     patch 100542-04

For additional information or assistance, please contact CIAC:

Voice: (510) 422-8193 / FTS
E-mail: ciac@llnl.gov
FAX: (510) 423-8002 / FTS.

Previous CIAC bulletins and other information are available via
anonymous ftp from irbis.llnl.gov (ip address 128.115.19.60).

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Some of the other teams include the NASA NSI response
team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your
agency's team will coordinate with CIAC.

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.
