c-29.ciac-sunos-patch-summary
c43b06ffa581dc580ad1ddfda946c2ab34779c4f7bc75ef3bbdd206a2d5a3eb6
_______________________________________________________
The Computer Incident Advisory Capability
___ __ __ _ ___
/ | / \ /
\___ __|__ /___\ \___
_____________________________________________________
Information Bulletin
Summary of SunOS Security Patches
July 31, 1992 1400 PDT Number C-29
CIAC has compiled a list of all security related patches currently
available from Sun Microsystems. The patches have been grouped by
SunOS version and are detailed below. CIAC recommends the
installation of any applicable patches that either are not currently
present on your system or are present in the form of an older version
of the patch.
The patches are available both through your local Sun Answer Center
and anonymous ftp. In the U.S., ftp to ftp.uu.net and retrieve the
patches from the directory ~ftp/systems/sun/sun-dist. In Europe, ftp
to mcsun.eu.net and retrieve the patches from the ~ftp/sun/fixes
directory. The patches are contained in compressed tarfiles with
filenames based on the ID number of the patch (e.g. patch 100085-03 is
contained in the file 100085-03.tar.Z), and must be retrieved using
ftp's binary transfer mode.
After obtaining the patches, compute the checksum of each compressed
tarfile and compare with the values indicated below. For example, the
command "sum 100085-03.tar.Z" should produce the value 44177 740.
Please note that Sun Microsystems occasionally updates patch files,
resulting in a changed checksum. If you should find a checksum that
differs from those listed below, please contact Sun Microsystems or
CIAC for verification before using the patch.
Finally, the patches must be extracted from the compressed tarfiles
using the commands uncompress and tar (e.g. to extract patch
100085-03, execute the commands "uncompress 100085-03.tar.Z" and
"tar -xvf 100085-03.tar").
As multiple patches may affect the same files, it is recommended that
patches be installed chronologically by revision date, with the
exception of patches for which an explicit order is specified. To
install a patch on your system, follow the instructions contained
in the README file which accompanies the patch.
SunOS 4.0.1 and 4.0.2
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100085-03 5-Sep-90 44177 740 selection_svc and rpc can be used to
view system files without login
permission
SunOS 4.0.2i
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100108-01 22-Aug-90 50309 146 sendmail can be coaxed into writing a
file not owned by the sender
SunOS 4.0.3 and 4.0.3c
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100224-02 15-Jan-90 39010 223 mail and rmail can invoke root and
uucp shells
100100-01 30-Jul-90 43821 588 sendmail permits users to run programs
with root's group privileges
100101-02 7-Aug-90 42872 34 ptrace security hole
100085-03 5-Sep-90 44177 740 selection_svc and rpc can be used to
view system files without login
permission
100184-02 14-Dec-90 06627 33 OpenWindows 2.0 sv_xv_sel_svc and rpc
permit access to system files
100125-05 8-Jul-91 41964 164 telnet permits password capture
100383-04 5-Feb-92 42306 113 rdist can be forced to create setuid
root programs
SunOS 4.1
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100224-02 15-Jan-90 39010 223 mail and rmail can invoke root and
uucp shells
100101-02 7-Aug-90 42872 34 ptrace security hole
100085-03 5-Sep-90 44177 740 selection_svc and rpc can be used to
view system files without login
permission
100184-02 14-Dec-90 06627 33 OpenWindows 2.0 sv_xv_sel_svc and rpc
permit access to system files
100187-01 15-Dec-90 27724 139 Console input and output can be
redirected
100251-01 25-Mar-91 44264 32 expreserve race condition
100121-08 1-Apr-91 61464 287 NFS jumbo patch
100201-04 3-Jul-91 24358 169 C2 jumbo patch
100125-05 8-Jul-91 41964 164 telnet permits password capture
100103-10 30-Sep-91 26292 7 Many files distributed with incorrect
permissions
100296-02 16-Oct-91 30606 23 rpc.mountd exports filesystems
incorrectly
100383-04 5-Feb-92 42306 113 rdist can be forced to create setuid
root programs
100305-07 3-Mar-92 25894 283 The lp daemon can delete system files
100173-08 7-May-92 32716 562 NFS jumbo patch
100377-04 14-May-92 14692 311 sendmail security holes
100630-01 18-May-92 36269 39 Environment variables can be used to
exploit login and su
100482-02 20-May-92 53416 284 ypserv and ypxfrd will send NIS maps
to anyone
100567-02 13-Jul-92 23118 13 ICMP redirect messages can be used to
make a host drop network connections
100376-04 16-Jul-92 12884 100 Integer division on Sparc can allow
root access
SunOS 4.1_PSR_A
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100224-02 15-Jan-90 39010 223 mail and rmail can invoke root and
uucp shells
100184-02 14-Dec-90 06627 33 OpenWindows 2.0 sv_xv_sel_svc and rpc
permit access to system files
100187-01 15-Dec-90 27724 139 Console input and output can be
redirected
100201-04 3-Jul-91 24358 169 C2 jumbo patch
100296-02 16-Oct-91 30606 23 rpc.mountd exports filesystems
incorrectly
100383-04 5-Feb-92 42306 113 rdist can be forced to create setuid
root programs
100305-07 3-Mar-92 25894 283 The lp daemon can delete system files
100377-04 14-May-92 14692 311 sendmail security holes
100630-01 18-May-92 36269 39 Environment variables can be used to
exploit login and su
SunOS 4.1.1
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100224-02 15-Jan-90 39010 223 mail and rmail can invoke root and
uucp shells
100085-03 5-Sep-90 44177 740 selection_svc and rpc can be used to
view system files without login
permission
100184-02 14-Dec-90 06627 33 OpenWindows 2.0 sv_xv_sel_svc and rpc
permit access to system files
100251-01 25-Mar-91 44264 32 expreserve race condition
100201-04 3-Jul-91 24358 169 C2 jumbo patch
100125-05 8-Jul-91 41964 164 telnet permits password capture
100296-02 16-Oct-91 30606 23 rpc.mountd exports filesystems
incorrectly
100103-10 30-Sep-91 26292 7 Many files distributed with incorrect
permissions
100424-01 12-Nov-91 63070 50 NFS with fsirand file handle guessing
problems
Note: should only be applied with
patch 100173-08
Note: incompatible with Online:
DiskSuite and Backup: Copilot
100448-01 10-Dec-91 02672 5 OpenWindows 3.0 loadmodule security hole
100387-02 3-Feb-92 07868 4400 C2 bug fixes and enhancements, Basic
Security Module
Note: incompatible with patch 100201-04
100383-04 5-Feb-92 42306 113 rdist can be forced to create setuid
root programs
100478-01 14-Feb-92 64588 58 OpenWindows 3.0 xlock can crash,
leaving system open
100188-02 28-Feb-92 52332 132 TIOCCONS and pty security holes
100305-07 3-Mar-92 25894 283 The lp daemon can delete system files
100173-08 7-May-92 32716 562 NFS jumbo patch
Note: incompatible with Online:
DiskSuite and Backup: Copilot
100377-04 14-May-92 14692 311 sendmail security holes
100630-01 18-May-92 36269 39 Environment variables can be used to
exploit login and su
100482-02 20-May-92 53416 284 ypserv and ypxfrd will send NIS maps
to anyone
100633-01 22-May-92 43774 20 Environment variables can be used to
exploit login and su when using Sun's
ARM product
100567-02 13-Jul-92 23118 13 ICMP redirect messages can be used to
make a host drop network connections
100376-04 16-Jul-92 12884 100 Integer division on Sparc can allow
root access
SunOS 4.1.2
Patch ID Last Revised Checksum Description
--------- ------------ --------- -------------------------------------
100184-02 14-Dec-90 06627 33 OpenWindows 2.0 sv_xv_sel_svc and rpc
permit access to system files
100296-02 16-Oct-91 30606 23 rpc.mountd exports filesystems
incorrectly
100448-01 10-Dec-91 02672 5 OpenWindows 3.0 loadmodule security hole
100383-04 5-Feb-92 42306 113 rdist can be forced to create setuid
root programs
100478-01 14-Feb-92 64588 58 OpenWindows 3.0 xlock can crash,
leaving system open
100188-02 28-Feb-92 52332 132 TIOCCONS and pty security holes
100564-01 1-Apr-92 29774 415 C2 jumbo patch
100305-07 3-Mar-92 25894 283 The lp daemon can delete system files
100173-08 7-May-92 32716 562 NFS jumbo patch
100377-04 14-May-92 14692 311 sendmail security holes
100630-01 18-May-92 36269 39 Environment variables can be used to
exploit login and su
100482-02 20-May-92 53416 284 ypserv and ypxfrd will send NIS maps
to anyone
100633-01 22-May-92 43774 20 Environment variables can be used to
exploit login and su when using Sun's
ARM product
100567-02 13-Jul-92 23118 13 ICMP redirect messages can be used to
make a host drop network connections
100376-04 16-Jul-92 12884 100 Integer division on Sparc can allow
root access
Note: sun4m architectures require
patch 100542-04
For additional information or assistance, please contact CIAC:
Voice: (510) 422-8193 / FTS
E-mail: ciac@llnl.gov
FAX: (510) 423-8002 / FTS.
Previous CIAC bulletins and other information are available via
anonymous ftp from irbis.llnl.gov (ip address 128.115.19.60).
PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Some of the other teams include the NASA NSI response
team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your
agency's team will coordinate with CIAC.
Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.