
SUN MICROSYSTEMS SECURITY BULLETIN: #00112

Posted Jan 19, 1994

Patch advisory for Sun Microsystems. Please read for details.

SHA-256 | d943d19d72cb9bf8545f7902380d2f1d9b69abfb7a863a49112803f9844f35a7

SUN MICROSYSTEMS SECURITY BULLETIN: #00112

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------


All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US from ftp.uu.net,
in the ~ftp/sun-dist directory, and in Europe from mcsun.eu.net, in the
~ftp/sun/fixes directory.


Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.

Please refer to the details below for additional information.
--------------------------------------------------------------------------

Sun Bug ID   : 1063470
Synopsis     : SunOS 4.1.1 fsirand (random number generator) program could
               potentially allow the guessing of NFS file handles. The
               patched version of fsirand has been enhanced to provide
               greater randomness to the random number generator's seed.
Sun Patch ID : 100424-01
Checksum of compressed tarfile 100424-01.tar.Z on ftp.uu.net = 63070 50

This patch should only be applied in conjunction with the latest version of
the NFS jumbo patch, currently 100173-07 for SunOS 4.1.1. The NFS jumbo
patch must be applied before the fsirand patch. NFS jumbo and fsirand patches
are being developed and tested for SunOS 4.0.3 and 4.1. An announcement
will be made when these patches are available.

To maintain a minimum level of security on your Sun gateway systems, please
note the suggestions that follow. Users may also wish to follow the advice
given below for their other file servers that may be connected to
potentially untrusted machines over a network.

Sun recommends that you upgrade your version of SunOS to the most recent
available (currently SunOS 4.1.1), since many improvements to the security
of your system have been integrated into the most recent base operating system.
In addition, you should install all security related patches applicable to
your current version of SunOS.

Sun suggests that you apply this patch and the NFS jumbo patch to your server
if it is a gateway machine or if it exports critical file systems and is
accessible across a potentially untrusted network (e.g. the Internet). Please
refer to the README of patch 100424-01 for additional details. The fsirand
fixes have been incorporated into SYS_V Rel 4.

After applying this patch, /usr/etc/fsirand (see man page fsirand(8)) should
be run on all potentially exportable partitions. Follow this with a system
reboot to complete the installation of random inode generation numbers.

Gateway machines should also apply Patch-ID# 100296-02, which fixes the
mountd problem that allows an unprivileged client to take advantage of
character strings in /etc/hosts and /etc/netgroup that are equal to or
greater than 256.

It is also strongly advised that /etc/exports (exports(5)) files on servers
be examined and modified, if necessary, to permit only the level of file
sharing that is necessary. The exports(5) file allows an administrator to
limit the access (and type of access) of exported directories to specific
client machines. For example, a directory can be exported read-only and root
access can be granted to a specified set of clients only.
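
The exports(5) review recommended above can be scripted. The following is an added example, not part of Sun's bulletin: it assumes the SunOS 4.x exports(5) syntax (`pathname -option[,option]...` with the `ro`, `rw=`, `access=`, `root=` and `anon=` options), and the sample entries and host names are constructed.

```python
# Audit an exports(5) file for entries that share more than necessary.
# Assumed SunOS 4.x semantics: without access=, any host may mount; without
# ro or a rw= host list, the export is read-write; anon=0 maps unknown users
# (including remote root) to uid 0.

# Constructed sample input, not taken from the bulletin.
SAMPLE_EXPORTS = """\
# pathname      options
/usr            -ro
/export/home    -access=alpha:beta,root=alpha
/export/src
/export/exec    -rw=alpha,anon=0
"""

def parse_exports(text):
    """Return [(path, {option: [values]})] for each export entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split(None, 1)
        opts = {}
        if len(fields) > 1:
            for item in fields[1].lstrip("-").split(","):
                name, _, value = item.strip().partition("=")
                if name:
                    opts[name] = value.split(":") if value else []
        entries.append((fields[0], opts))
    return entries

def audit_exports(text):
    """Return [(path, finding)] for exports that are wider than needed."""
    findings = []
    for path, opts in parse_exports(text):
        if "access" not in opts:
            # No client list: every host that can reach the server may mount.
            writable = "ro" not in opts and not opts.get("rw")
            findings.append((path, "any-host-rw" if writable else "any-host-ro"))
        if opts.get("anon") == ["0"]:
            # Remote root is treated as local root on this export.
            findings.append((path, "anon-root"))
    return findings

if __name__ == "__main__":
    for path, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {finding}")
```

Entries with an explicit `access=` list, such as the constructed `/export/home` line, produce no finding; the others are candidates for tightening.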

Sun would like to thank Hans van Staveren, Leendert van Doorn, and Gene
Spafford for bringing this problem to our attention.


Kenneth L. Pon
Sun Microsystems
Software Security Coordinator