what you don't know can hurt you

sms.115.patches

sms.115.patches
Posted Jan 19, 1994

sms.115.patches

MD5 | 04db7455249c01d2868c2287cebd451c

sms.115.patches

Change Mirror Download
SUN MICROSYSTEMS SECURITY BULLETIN: #00115, 17 April 92

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------
Please note that the following contains updated information:

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the /systems/sun/sun-dist directory; in Europe,
ftp to mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.
Note that Sun does not have direct access to mcsun.eu.net and must request
that patches be copied from ftp.uu.net to mcsun.eu.net. Therefore, there
may be a time lag before patches appear on mcsun.eu.net.

Please refer to the BugId and PatchId when requesting patches from Sun
answer centers.

----------------------------------------------------------------------------

BULLETIN TOPICS
I. New Patches
A. 100387-02 (100388-02), 4.1.1 BSM-C2 INTERNATIONAL (US_ENCRYPTION_KIT)
version patch release
B. 100478-01, OpenWindows V3: xlock crashes leaving system open
C. 100564-01, 4.1.2 C2 Jumbo, rpc.yppasswdd rpc.pwdauthd
II. Upgraded Patches - The patches below have been updated to reflect
applicability to SunOS 4.1.2
A. 100188-02, TIOCCONS patch combines fix for 100414-01
B. 100296-02, rpc.mountd
C. 100305-07, lpd/lpr, combines fixes for patch 100301-01
D. 100383-04, rdist
E. 100448-01, OpenWindows 3.0, loadmodule

==============================================================================
NEW PATCH INFORMATION

Sun Patch ID: 100387-02
Sun Bug IDs: Not available
SunOS release: 4.1.1
Synopsis: This 8.5 MByte patch provides many bug fixes and enhancements
to the C2 and Basic Security Module. It obsoletes the 4.1.1 C2 Jumbo
patch, 100201-04.
Checksum of compressed tarfile 100387-02.tar.Z on ftp.uu.net = 07868 4400

Please note that the US_ENCRYPTION_KIT version BSM-C2 patch release (100388-02)
cannot be loaded onto anonymous ftp sites because of export restrictions.
Please contact your Answer Center for availability.

BSM-C2 patches compatible with SunOS 4.1.2 are currently being developed and
will be made available for distribution later this summer.


Sun Patch ID: 100478-01
Sun Bug IDs: 1077337
SunOS release: 4.1.1, 4.1.2
Synopsis: xlock does not process keypresses quickly enough, posing
a potential security problem.
Checksum of compressed tarfile 100478-01.tar.Z on ftp.uu.net = 64588 58


Sun Patch ID: 100564-01
Sun Bug IDs: 1040334 1043667 1058378 1059261 1063796
SunOS release: 4.1.2
Synopsis: This is a port of the C2 Jumbo patch (100201-04) to SunOS
4.1.2. It is required if you wish to run C2 security on SunOS 4.1.2
machines. Problems fixed are:

1. yppasswd will not allow a user to change a password from the client,
the yppasswdd daemon dies on the server (bug 1040334)
2. rpc.yppasswdd uses an incorrect lock file (bug 1043667)
3. rpc.pwdauthd logs cleartext passwords via auditd (bug 1058378)
4. NIS and C2 Security passwd.adjunct file can get overwritten by
/etc/passwd (bug 1059261)
5. When running C2 with NIS, ypppasswd password changes from client system
would take 5 minutes of delay before taking effect (bug 1063796)
Checksum of compressed tarfile 100564-01.tar.Z on ftp.uu.net = 29774 415

==============================================================================
UPGRADED PATCH INFORMATION

Sun Patch ID: 100188-02
Sun Bug IDs: 1008324 1040722 1070495
SunOS release: 4.1.1, 4.1.2
Synopsis: This patch combines 3 fixes:
1. TIOCCONS can be used to re-direct console output/input away from
"console" (bug 1008324)
2. Kernel programs using pty can get output from previous application.
(Formerly patch 100414-01, bug 1070495)
3. Process not letting go of a pty (bug 1040722)
Checksum of compressed tarfile 100188-02.tar.Z on ftp.uu.net = 52332 132

Please note that patch 100414-01 has been obsoleted by this patch.


Sun Patch ID: 100296-02
Sun Bug IDs: 2000680 1044852 1048890
SunOS release: 4.1.1, 4.1.2
Synopsis: The README file for this patch has been modified to reflect
the patch's applicability to SunOS 4.1.2.

Fixes:
If the cached list of netgroups that a client is not a member of
exceeds the cache capacity then the mount daemon will acknowledge
the client's membership of any netgroup even if it is not a member.

If the access list of hosts is a string under 256 chars then things
work as expected, but if it is longer everyone can mount the filesystem.

Additionally this patch also fixes a problem where the cached netgroup
entry may contain groups from the previous mount.
Checksum of compressed tarfile 100296-02.tar.Z on ftp.uu.net = 30606 23


Sun Patch ID: 100305-07
Sun Bug IDs: 1016437 1040453 1057834 1058003 1059620 1061504 1063772
1081850 1081968
SunOS release: 4.1, 4.1.1, 4.1.2
Synopsis: The patch integrates changes made by patch 100301-01 (BugId
1059620, lpr -r does not work on NFS mounted files) and fixes a new
bug (BugId 1081850, lpr -r allows you to delete files without the proper
permissions). The patch has also been updated to reflect applicability
to SunOS 4.1.2.
Checksum of compressed tarfile 100305-07.tar.Z on ftp.uu.net = 25894 283


Sun Patch ID: 100383-04
Sun Bug IDs: 1069497 1074961
SunOS release: 4.0.3, 4.1, 4.1.1, 4.1.2
Synopsis: /usr/ucb/rdist can be used to create setuid root programs. The
patch has been modified to reflect the patch's applicability to SunOS
4.1.2.
Checksum of compressed tarfile 100383-04.tar.Z on ftp.uu.net = 42306 113

Sun Patch ID: 100448-01
Sun Bug IDs: 1076118
SunOS release: 4.1.1, 4.1.2
Synopsis: OpenWindows 3.0: loadmodule is a security hole. The patch
has been modified to reflect the patch's applicability to SunOS 4.1.2.
Checksum of compressed tarfile 100448-01.tar.Z on ftp.uu.net = 02672 5



Sun Microsystems recommends that all customers concerned with the security
of their SunOS systems obtain and load the patches that are applicable to
their system(s).

Kenneth L. Pon
Sun Microsystems, Inc.
Software Security Coordinator
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close