_____________________________________________________
The Computer Incident Advisory Capability
_____________________________________________________
INFORMATION BULLETIN
Summary of SunOS Security Patches
August 6, 1993 1200 PDT Number D-20
__________________________________________________________________________
PROBLEM: Security vulnerabilities in all versions of SunOS.
PLATFORM: All Sun Microsystems workstations.
DAMAGE: Unauthorized access to system and files, denial of service.
SOLUTION: Apply appropriate security patches.
__________________________________________________________________________
Critical Information about SunOS Security Patches

This bulletin is an update to CIAC Bulletin C-29.

CIAC has compiled a list of all security related patches currently available
from Sun Microsystems. The patches have been grouped by SunOS version and
are detailed below. CIAC recommends the installation of any applicable
patches that either are not currently present on a system or are present in
the form of an older version of the patch.

Sun security patches are available through both your Sun Answer Center and
anonymous FTP. In the U.S., ftp to ftp.uu.net (IP 192.48.96.9) and retrieve
the patches from the directory /systems/sun/sun-dist. In Europe, ftp to
mcsun.eu.net (IP 192.16.202.1) and retrieve the patches from the /sun/fixes
directory. The patches are contained in compressed tarfiles with filenames
based on the ID number of the patch (e.g. patch 100085-03 is contained in the
file 100085-03.tar.Z), and must be retrieved using FTP's binary transfer
mode.

After obtaining the patches, compute the checksum of each compressed tarfile
and compare with the values indicated below. For example, the command
"/usr/bin/sum 100085-03.tar.Z" should return "44177 740". Please note that
Sun Microsystems occasionally updates patch files, resulting in a changed
checksum. If you should find a checksum that differs from those listed
below, please contact Sun Microsystems or CIAC for verification before using
the patch.

The patches may be extracted from the compressed tarfiles using the commands
uncompress and tar. For example, to extract patch 100085-03 from the
compressed tarfile 100085-03.tar.Z, execute the commands "uncompress
100085-03.tar.Z" and "tar xvf 100085-03.tar".

For specific instructions regarding the installation of a particular patch,
consult the README file accompanying each patch. As multiple patches may
affect the same files, it is recommended that patches be installed
chronologically by revision date, with the exception of patches for which an
explicit order is specified.
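
The checksum comparison described above can be scripted so that no tarfile
is uncompressed until it matches its listed value. The script below is an
added example, not part of the CIAC bulletin or of Sun's patch tooling: the
function names and the patch ID 000000-00 are hypothetical, and it assumes
the local sum(1) defaults to the BSD algorithm with 1K blocks.

```shell
#!/bin/sh
# Added example (not from the bulletin): check downloaded patch tarfiles
# against the bulletin's checksum column before uncompressing anything.
# Assumption: sum(1) defaults to BSD mode, 1K blocks; System V sum differs.

# Strip leading zeros so "06627" and "6627" compare equal; reject non-numbers.
norm() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$1" | sed 's/^0*\([0-9]\)/\1/'
}

# check_patch FILE SUM BLOCKS: succeed only if sum(1) reports exactly that pair.
check_patch() {
    [ -r "$1" ] || { echo "MISSING  $1"; return 1; }
    set -- "$1" "$2" "$3" $(sum < "$1")    # $4 = checksum, $5 = block count
    want_s=$(norm "$2") && want_b=$(norm "$3") &&
        got_s=$(norm "$4") && got_b=$(norm "$5") ||
        { echo "BADVALUE $1"; return 1; }
    if [ "$got_s $got_b" = "$want_s $want_b" ]; then
        echo "OK       $1"
    else
        echo "MISMATCH $1 (listed $want_s $want_b, computed $got_s $got_b)"
        return 1
    fi
}

# verify_listing DIR: read bulletin table rows on stdin ("ID date checksum
# blocks description") and check every DIR/ID.tar.Z that has been downloaded.
# Header and rule lines are skipped; any mismatch makes the function fail.
verify_listing() {
    dir=$1; failed=0
    while read -r id _date csum blocks _desc; do
        case "$id" in
            [0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;
            *) continue ;;
        esac
        [ -e "$dir/$id.tar.Z" ] || continue
        check_patch "$dir/$id.tar.Z" "$csum" "$blocks" || failed=1
    done
    return "$failed"
}

# Constructed demo: 000000-00 is a placeholder ID and the 4-byte stand-in
# file has BSD sum "08288 1"; real rows come from the tables in the bulletin.
demo=$(mktemp -d) && printf 'abc\n' > "$demo/000000-00.tar.Z"
printf '%s\n' '000000-00 1-Jan-93 08288 1 constructed row' | verify_listing "$demo"
rm -rf "$demo"
```

A saved copy of the bulletin can be fed to verify_listing on standard input,
with the download directory as its argument; a non-zero exit status means at
least one tarfile needs verification with Sun or CIAC before use.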

=======================
SunOS 5.2 (Solaris 2.2)
=======================

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
101090-01  28-Jun-93     44985 54    expreserve can overwrite any file

=======================
SunOS 5.1 (Solaris 2.1)
=======================

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100833-02  12-Jan-93     24412 309   C2 auditing missing in some programs
100840-01  12-Jan-93     25050 220   sendmail bypasses mailhost
100884-01  12-Feb-93     63299 5220  Security fixes for sun4m machines
101089-01  28-Jun-93     4501 54     expreserve can overwrite any file

=======================
SunOS 5.0 (Solaris 2.0)
=======================

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100723-01  24-Aug-92     49406 2     Incorrect permissions after install
101119-01  28-Jun-93     61863 54    expreserve can overwrite any file

===========
SunOS 4.1.3
===========

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100448-01  10-Dec-91     29285 5     OpenWindows 3.0 loadmodule hole
100478-01  14-Feb-92     64588 58    OpenWindows 3.0 xlock vulnerability
100296-04  18-Jun-92     42492 40    File systems exported incorrectly
100507-04  3-Sep-92      57590 61    tmpfs file system vulnerability
100372-02  8-Sep-92      22739 712   tfs fails under C2
100377-05  15-Sep-92     29141 1076  sendmail security holes
100103-11  29-Sep-92     19847 6     Permissions incorrect on many files
100567-04  27-Oct-92     15728 11    ICMP packets can be forged
100564-05  11-Nov-92     00115 824   C2 jumbo patch
100482-04  16-Nov-92     06594 342   ypserv will send NIS maps to anyone
100513-02  2-Dec-92      34315 483   Console can be redirected
100623-03  11-Dec-92     56063 141   NFS file handles can be guessed
100173-10  7-Jan-93      48086 788   NFS jumbo patch
100383-06  26-Jan-93     58984 121   rdist can create setuid root files
100452-28  29-Jan-93     07299 1688  cmdtool may reveal passwords
100305-11  12-Feb-93     38582 500   The lp daemon can delete system files
100891-01  19-Feb-93     33195 3075  Netgroup and xlock vulnerabilities
100224-06  5-Mar-93      57647 54    mail and rmail can invoke root shells
101080-01  9-Jun-93      45221 13    expreserve can overwrite any file

===========
SunOS 4.1.2
===========

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 vulnerability
100448-01  10-Dec-91     29285 5     OpenWindows 3.0 loadmodule hole
100478-01  14-Feb-92     64588 58    OpenWindows 3.0 xlock vulnerability
100630-01  18-May-92     28074 39    Environment variables vulnerability
100633-01  22-May-92     33264 20    Environment variables with Sun's ARM
100296-04  18-Jun-92     42492 40    File systems exported incorrectly
100376-04  16-Jul-92     12884 100   Integer division vulnerability
100507-04  3-Sep-92      57590 61    tmpfs file system vulnerability
100372-02  8-Sep-92      22739 712   tfs fails under C2
100377-05  15-Sep-92     29141 1076  sendmail security holes
100103-11  29-Sep-92     19847 6     Permissions incorrect on many files
100567-04  27-Oct-92     15728 11    ICMP packets can be forged
100564-05  11-Nov-92     00115 824   C2 jumbo patch
100482-04  16-Nov-92     06594 342   ypserv will send NIS maps to anyone
100513-02  2-Dec-92      34315 483   Console can be redirected
100623-03  11-Dec-92     56063 141   NFS file handles can be guessed
100173-10  7-Jan-93      48086 788   NFS jumbo patch
100383-06  26-Jan-93     58984 121   rdist can create setuid root files
100452-28  29-Jan-93     07299 1688  cmdtool may reveal passwords
100305-11  12-Feb-93     38582 500   The lp daemon can delete system files
100224-06  5-Mar-93      57647 54    mail and rmail can invoke root shells
101080-01  9-Jun-93      45221 13    expreserve can overwrite any file

===========
SunOS 4.1.1
===========

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100085-03  5-Sep-90      44177 740   Sunview selection_svc vulnerability
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 vulnerability
100125-05  8-Jul-91      41964 164   telnet permits password capture
100424-01  12-Nov-91     63070 50    NFS file handles can be guessed
100448-01  10-Dec-91     29285 5     OpenWindows 3.0 loadmodule hole
100478-01  14-Feb-92     64588 58    OpenWindows 3.0 xlock vulnerability
100630-01  18-May-92     28074 39    Environment variables vulnerability
100633-01  22-May-92     33264 20    Environment variables with Sun's ARM
100296-04  18-Jun-92     42492 40    File systems exported incorrectly
100376-04  16-Jul-92     12884 100   Integer division vulnerability
100507-04  3-Sep-92      57590 61    tmpfs file system vulnerability
100372-02  8-Sep-92      22739 712   tfs fails under C2
100377-05  15-Sep-92     29141 1076  sendmail security holes
100103-11  29-Sep-92     19847 6     Permissions incorrect on many files
100567-04  27-Oct-92     15728 11    ICMP packets can be forged
100201-06  5-Nov-92      13145 164   C2 jumbo patch
100267-09  6-Nov-92      55338 5891  Netgroup membership check fails
100482-04  16-Nov-92     06594 342   ypserv will send NIS maps to anyone
100513-02  2-Dec-92      34315 483   Console can be redirected
100173-10  7-Jan-93      48086 788   NFS jumbo patch
100383-06  26-Jan-93     58984 121   rdist can create setuid root files
100452-28  29-Jan-93     07299 1688  cmdtool may reveal passwords
100305-11  12-Feb-93     38582 500   The lp daemon can delete system files
100224-06  5-Mar-93      57647 54    mail and rmail can invoke root shells
101080-01  9-Jun-93      45221 13    expreserve can overwrite any file

=========
SunOS 4.1
=========

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100101-02  7-Aug-90      42872 34    ptrace security vulnerability
100085-03  5-Sep-90      44177 740   Sunview selection_svc vulnerability
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 vulnerability
100125-05  8-Jul-91      41964 164   telnet permits password capture
100630-01  18-May-92     28074 39    Environment variables vulnerability
100376-04  16-Jul-92     12884 100   Integer division vulnerability
100377-05  15-Sep-92     29141 1076  sendmail security holes
100103-11  29-Sep-92     19847 6     Permissions incorrect on many files
100567-04  27-Oct-92     15728 11    ICMP packets can be forged
100201-06  5-Nov-92      13145 164   C2 jumbo patch
100482-04  16-Nov-92     06594 342   ypserv will send NIS maps to anyone
100513-02  2-Dec-92      34315 483   Console can be redirected
100383-06  26-Jan-93     58984 121   rdist can create setuid root files
100452-28  29-Jan-93     07299 1688  cmdtool may reveal passwords
100305-11  12-Feb-93     38582 500   The lp daemon can delete system files
100121-09  24-Feb-93     57589 360   NFS jumbo patch
101080-01  9-Jun-93      45221 13    expreserve can overwrite any file

======================
SunOS 4.0.3 and 4.0.3c
======================

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100100-01  30-Jul-90     43821 588   sendmail permits root level access
100101-02  7-Aug-90      42872 34    ptrace security vulnerability
100085-03  5-Sep-90      44177 740   Sunview selection_svc vulnerability
100184-02  14-Dec-90     06627 33    OpenWindows 2.0 vulnerability
100125-05  8-Jul-91      41964 164   telnet permits password capture
100383-06  26-Jan-93     58984 121   rdist can create setuid root files

============
SunOS 4.0.2i
============

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100108-01  22-Aug-90     50309 146   sendmail security vulnerability

=====================
SunOS 4.0.1 and 4.0.2
=====================

Patch ID   Last Revised  Checksum    Description
---------  ------------  ----------  -------------------------------------
100085-03  5-Sep-90      44177 740   Sunview selection_svc vulnerability

For additional information or assistance, please contact CIAC at
(510) 423-9878 or send E-mail to ciac@llnl.gov. FAX messages to
(510) 423-8002.

Previous CIAC Bulletins and other information are available via anonymous
FTP from irbis.llnl.gov (IP address 128.115.19.60).

PLEASE NOTE: Many users outside of the DOE and ESnet computing communities
receive CIAC bulletins. If you are not part of these communities, please
contact your agency's response team to report incidents. Your agency's team
will coordinate with CIAC. The Forum of Incident Response and Security Teams
(FIRST) is a world-wide organization. A list of FIRST member organizations
and their constituencies can be obtained by sending email to
docserver@first.org with an empty subject line and a message body containing
the line: send first-contacts.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, product, or
process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government nor the University of California, and
shall not be used for advertising or product endorsement purposes.