d-04.ciac-sunos-18-patches
003e14662a13432229b1e748b45475015771d214481200bed35703404aeb90bc _____________________________________________________
The Computer Incident Advisory Capability
___ __ __ _ ___
/ | / \ /
\___ __|__ /___\ \___
_____________________________________________________
INFORMATION BULLETIN
18 New and Upgraded Security Patches Available For SunOS
November 11, 1992, 1200 PST Number D-04
______________________________________________________________________________
PROBLEMS: Various security vulnerabilities.
PLATFORMS: SunOS 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3 and 5.0 (Solaris 2.0FCS).
DAMAGE: Unauthorized root access and privileges, denial of service,
other damage as noted below.
SOLUTION: Apply Sun Patches as described.
______________________________________________________________________________
Critical Information about SunOS Security Patches
CIAC has received information from Sun Microsystems regarding the
availability of the following eighteen security patches for SunOS
versions 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3 and Solaris 2.0FCS (which
contains SunOS 5.0).
The patches are available through your local Sun Answer Center and
via anonymous ftp. In the U.S., ftp to ftp.uu.net and retrieve the
patches from the /systems/sun/sun-dist directory. In Europe, ftp to
mcsun.eu.net and retrieve the patches from the ~ftp/sun/fixes
directory. The patches are contained in compressed tar files named
[patch].tar.Z. For example, if you wish to obtain patch 100103-11,
the tarfile would be 100103-11.tar.Z. Each patch has been checksummed
using the SunOS "sum" command so its validity can be verified by the
end user. If you find that the checksum differs from that listed
below, please contact Sun Microsystems or CIAC for confirmation before
using the patch. To install the patches on your system, follow the
instructions contained in the README files which accompany each patch.
The following ten patches (except for the last, which is a new patch)
are new revisions, superseding older patch versions, and they all
include fixes for new bugs. All designated versions of SunOS should
be upgraded with these patches. Refer to the CIAC bulletins listed,
or contact CIAC for more information on each vulnerability. A brief
description of each patch is provided.
Patch Checksum SunOS Versions CIAC Bulletins
----- -------- -------------- --------------
100103-11 19847 6 4.1.3, 4.1.2, 4.1.1, 4.1 B-26
A shell script modifies file permissions to a more secure
mode. The script changes the permissions for two
additional files:
/var/yp/`domainname`/mail.aliases.dir and
/var/yp/`domainname`/mail.aliases.pag
100173-09 28314 788 4.1.3, 4.1.2, 4.1.1, 4.1 C-28
NFS jumbo patch - Repairs a problem when accessing NFS
mounted files as root. This patch requires that a new
kernel be configured, made and installed. The installer
needs to build a new kernel only once even if multiple
patches are installed, as long as all the object files
(".o" files) from all patches are loaded.
100267-09 55338 5891 4.1.1 (contact CIAC)
This is the international version of the libc replacement
with all 4.1.1 patches. New bug fixes include: innetgr may
acknowledge false netgroup membership, undefined symbols
when linking statically with "mblen()", mbtowc and mbstowcs
give different results for same character.
100305-10 28781 368 4.1.3, 4.1.2, 4.1.1, 4.1 B-30, B-33
Fix for lpr, lpd, lpstat -v, passwd, delete, and system.
This patch also contains a new bug fix for lpstat -v.
100377-05 29141 1076 4.1.3, 4.1.2, 4.1.1, 4.1 C-26, A-16
sendmail jumbo patch - Fixes sendmail, sendmail.mx
Remedies five new bugs in sendmail.
100507-04 57590 61 4.1.3, 4.1.2, 4.1.1 (contact CIAC)
tmpfs jumbo patch - Copying files from an NFS mounted
partition to a tmpfs mount can result in a security breach.
This patch requires that a new kernel be configured, made
and installed. The installer needs to build a new kernel
only once even if multiple patches are installed, as long
as all the object files (".o" files) from all patches are
loaded.
100513-01 20616 480 4.1.3, 4.1.2, 4.1.1, 4.1 B-10
tty jumbo patch - Consolidates many patches, including
security patch 100188-02 (TIOCCONS redirection of console
output/input). This patch requires that a new kernel be
configured, made and installed. The installer needs to
build a new kernel only once even if multiple patches are
installed, as long as all the object files (".o" files)
from all patches are loaded.
100201-06 13145 164 4.1.1, 4.1 (contact CIAC)
C2 jumbo patch - Fixes delay with yppasswd when running C2
with NIS, unprivileged access to environment variables, and
a problem where an image contains plaintext passwords and
passwd.adjunct file.
100564-05 00115 824 4.1.3, 4.1.2 (contact CIAC)
C2 jumbo patch - Fixes problem where an image contains
plaintext passwords and passwd.adjunct file.
100723-01 22726 1 Solaris 2.0FCS/SunOS 5.0 new patch
The Solaris 2.0FCS install leaves world-writable
directories. NOTE: this patch contains a README file only.
The README instructs the installer to run the following
command as root after the installation of
Solaris 2.0FCS/SunOS 5.0: #pkgchk -f
correcting directory and file attributes incorrectly
set during the installation process.
The following patch is an upgrade for compatibility with SunOS
versions 4.1.2 and 4.1.3. If you have a pre-4.1.2 system and have
previously loaded this patch, you need not apply this to your system.
100372-02 22739 712 4.1.3, 4.1.2, 4.1.1 (contact CIAC)
tfs and C2 do not work together. This patch is provided
for C2 security, and is only necessary if you use C2 with
tfs (translucent file service).
The following seven patches are upgraded to be compatible with SunOS
4.1.3. If you have a pre-4.1.3 system and have previously loaded
these patches, you need not apply these to your system.
100296-04 42492 40 4.1.3, 4.1.2, 4.1.1 C-06
Netgroup exports to world.
100482-03 27837 342 4.1.3, 4.1.2, 4.1.1, 4.1 C-25
ypserv, ypxfrd. Note: the /var/yp/securenets configuration
file provided with this patch does not support blank lines.
100383-05 52230 135 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3 C-04, C-08
rdist security enhancement.
100567-04 15728 11 4.1.3, 4.1.2, 4.1.1, 4.1 C-28
icmp redirects, mfree panic. This patch requires that a new
kernel be configured, made and installed. The installer
needs to build a new kernel only once even if multiple
patches are installed, as long as all the object files
(".o" files) from all patches are loaded.
100630-01 28074 39 4.1.3, 4.1.2, 4.1.1, 4.1 C-26
100631-01 44444 25 4.1.3, 4.1.2, 4.1.1, 4.1 C-26
login, su, LD_ environment variables.
100630-01 is the international version of /bin/login for
systems not using the US Encryption Kit. /usr/bin/su and
/usr/5bin/su from the international version are suitable
for sites that use the US Encryption Kit.
100631-01 is the domestic version. To obtain 100631-01,
contact your local Sun Answer Center.
100633-01 33264 20 4.1.3, 4.1.2, 4.1.1 (contact CIAC)
Unbundled SunSHIELD ARM 1.0, "LD_" environment variables
can be used to exploit login/su, international version.
If you require additional assistance or wish to report a vulnerability,
call CIAC at (510) 422-8193 or send e-mail to ciac@llnl.gov. FAX
messages to: (510) 423-8002.
For emergencies only, call 1-800-SKYPAGE and enter PIN number
855-0070 (primary) or 855-0074 (secondary).
The CIAC Bulletin Board, Felicia, can be accessed at 1200 or 2400
baud at (510) 423-4753 and 9600 baud at (510) 423-3331.
Previous CIAC bulletins and other information is available via
anonymous ftp from irbis.llnl.gov (ip address 128.115.19.60).
CIAC wishes to thank Ken Pon of Sun Microsystems for the information
used in this bulletin.
PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Some of the other teams include the NASA NSI response
team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team.
Your agency's team will coordinate with CIAC. The Forum of Incident
Response and Security Teams (FIRST) is a world-wide organization. A
list of FIRST member organizations and their constituencies can be
obtained by sending email to Docserver@First.Org with a null subject
line, and the first line of the message reading: send first-contacts.
This document was prepared as an account of work sponsored by an agency
of the United States Government. Neither the United States Government
nor the University of California nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights. Reference herein to any
specific commercial products, process, or service by trade name,
trademark manufacturer, or otherwise, does not necessarily constitute or
imply its endorsement, recommendation, or favoring by the United States
Government or the University of California. The views and opinions of
authors expressed herein do not necessarily state or reflect those of
the United States Government nor the University of California, and shall
not be used for advertising or product endorsement purposes.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed