Exploit the possiblities


Posted Sep 23, 1999


systems | unix
MD5 | 5d1f61bc6a865823558124123186fdff


Change Mirror Download


Several weeks ago, the DOE Computer Incident Advisory Capability (CIAC) reported a
UNIX security problem involving rcp and rdist in 4.3BSD,
4.3BSD-tahoe, and all versions of UNIX using BSD networking
code, as well as SunOS (all versions). Patches for BSD but
not SUN systems were available at the time you received an
announcement about the rcp and rdist vulnerabilities.
However, patches for SUN3 and SUN4 systems are now
available. You may obtain these patches from several
sources, to be described shortly. TTTToooo ttttrrrraaaannnnssssffffeeeerrrr tttthhhheeee ppppaaaattttcccchhhheeeessss::::
Log in to your local SUN machine. Get into the directory
into which you want the patches to be transferred. You can
accomplish this by typing: _c_d "dir", where "dir" is the name
of the directory to which you want to copy the patches. Use
one of the following options: OOOOPPPPTTTTIIIIOOOONNNN IIII---- TTTTrrrraaaannnnssssffffeeeerrrr tttthhhheeee PPPPaaaattttcccchhhheeeessss
ffffrrrroooommmm uuuuuuuunnnneeeetttt....uuuuuuuu....nnnneeeetttt TTTTyyyyppppeeee:::: _f_t_p _u_u_n_e_t._u_u._n_e_t <RETURN> The
remote system will prompt you as follows: Name:
ttttyyyyppppeeee:::: _a_n_o_n_y_m_o_u_s <RETURN> Passwd:
ttttyyyyppppeeee:::: _g_u_e_s_t <RETURN> ftp> When you get
an "ftp>" prompt then
TTTTyyyyppppeeee:::: _c_d _s_u_n-_f_i_x_e_s <RETURN>
and then type: _l_s <RETURN>
(this will help you see what directory you are in.) Then
ttttyyyyppppeeee:::: _t_y_p_e _i_m_a_g_e <RETURN> Now you are ready to copy the
patches. If you are running a SUN3 system, i.e. 68020.,
TTTTyyyyppppeeee:::: _g_e_t rcp.sun3.Z <RETURN> Or for SUN4 systems, i.e.
SPARC architecture., ttttyyyyppppeeee:::: _g_e_t rcp.sun4.Z <RETURN> Do the
same for: _g_e_t "rdist.sun3.Z" <RETURN> or _g_e_t "rdist.sun4.Z"
<RETURN> Finally ttttyyyyppppeeee:::: _q_u_i_t <RETURN>

June 12, 1996

- 2 -

OOOOPPPPTTTTIIIIOOOONNNN IIIIIIII---- TTTTrrrraaaannnnssssffffeeeerrrr tttthhhheeee ppppaaaattttcccchhhheeeessss ffffrrrroooommmm llllllllllll----ccccrrrrgggg....llllllllnnnnllll....ggggoooovvvv

If you cannot connect to uunet.uu.net, then try the
following: TTTTyyyyppppeeee:::: _f_t_p _l_l_l-_c_r_g._l_l_n_l._g_o_v <RETURN> The remote
system will prompt you as follows: Name:
ttttyyyyppppeeee:::: _a_n_o_n_y_m_o_u_s <RETURN> Passwd: ttttyyyyppppeeee::::
_g_u_e_s_t <RETURN> ftp> TTTTyyyyppppeeee:::: _c_d _s_u_n <RETURN> GGGGeeeetttt the
files as shown above. (Refer to I.c and I.d above) Finally
ttttyyyyppppeeee:::: _q_u_i_t <RETURN>

TTTToooo iiiinnnnssssttttaaaallllllll tttthhhheeee ppppaaaattttcccchhhheeeessss oooonnnn yyyyoooouuuurrrr ssssyyyysssstttteeeemmmm:::: After you get the
patches and are back to your local machine, do the
following: MMMMaaaakkkkeeee yyyyoooouuuurrrr ffffiiiilllleeeessss rrrreeeeaaaaddddaaaabbbblllleeee.... TTTTyyyyppppeeee:::: _u_n_c_o_m_p_r_e_s_s
_r_c_p._s_u_n_3._Z. <RETURN> TTTTyyyyppppeeee:::: _u_n_c_o_m_p_r_e_s_s _r_d_i_s_t._s_u_n_3._Z. <RETURN>
the _r_d_i_s_t._s_u_n_3._Z is for SUN3 systems, if you have a SUN4 it
will be _r_d_i_s_t._s_u_n_4._Z. The same naming rule is being used on
_r_c_p._s_u_n_3._Z. RRRReeeeppppllllaaaacccceeee tttthhhheeee oooorrrriiiiggggiiiinnnnaaaallll rrrrccccpppp aaaannnndddd rrrrddddiiiisssstttt.... You can
achieve this by: 2.1) TTTTyyyyppppeeee:::: _w_h_e_r_e_i_s _r_c_p <RETURN>
Your computer will return a pathname such as:
Write down that pathname. 2.2) Do the same for "rdist".
TTTTyyyyppppeeee:::: _w_h_e_r_e_i_s _r_d_i_s_t <RETURN> 2.3) TTTTyyyyppppeeee:::: _c_p "_r_c_p-_p_a_t_h_n_a_m_e"
"_r_c_p-_p_a_t_h_n_a_m_e._o_r_i_g" <RETURN>
(where "rcp-pathname" is the pathname from step 2.1
TTTTyyyyppppeeee:::: _c_p "_r_d_i_s_t-_p_a_t_h_n_a_m_e" "_r_d_i_s_t-_p_a_t_h_n_a_m_e._o_r_i_g" <RETURN>
(where "rdist-pathname" is the pathname from step 2.2
TTTTyyyyppppeeee:::: _c_p _r_c_p._s_u_n_3 "_r_c_p-_p_a_t_h_n_a_m_e" <_R_E_T_U_R_N>
TTTTyyyyppppeeee:::: _c_p _r_d_i_s_t._s_u_n_3 "_r_c_p-_p_a_t_h_n_a_m_e" <RETURN> You can now
test these utilities. If you cannot connect to either
uunet.uu.net or lll-crg.llnl.gov via the network or need
further assistance, please contact:
Ana Maria De Alvare'
(415) 422-7007 or (FTS) 532-7007

or send e-mail to:


June 12, 1996


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    7 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By