
SUN MICROSYSTEMS SECURITY BULLETIN: #00118

Posted Jan 19, 1994

Patch advisory for Sun Microsystems. Please read for details.

SHA-256 | 161bfc69bbe54d776a977c3ffdff47320cbfb06512adfbd56bd1e5e0e697fe6e

SUN MICROSYSTEMS SECURITY BULLETIN: #00118, 11 November 92

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the /systems/sun/sun-dist directory; in Europe,
ftp to mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.
Note that Sun does not have direct access to mcsun.eu.net and must request
that patches be copied from ftp.uu.net to mcsun.eu.net. Therefore, there
may be a time lag before patches appear on mcsun.eu.net.

Please refer to the BugId and PatchId when requesting patches from Sun
answer centers.

----------------------------------------------------------------------------

BULLETIN TOPICS

I. Patches that contain fixes for new bugs. These patches were also
updated for 4.1.3 compatibility if applicable.
A. 100103-11 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: script to change file
permissions to a more secure mode
B. 100173-09 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: NFS Jumbo Patch
C. 100201-06 - SunOS 4.1, 4.1.1: C2 Jumbo Patch
D. 100267-09 - SunOS 4.1.1: international libc replacement with all
4.1.1 patches
E. 100305-10 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: lpr, lpd, lpstat
F. 100377-05 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: sendmail, sendmail.mx
G. 100507-04 - SunOS 4.1.1, 4.1.2, 4.1.3: tmpfs jumbo patch
H. 100513-01 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: jumbo tty patch
I. 100564-05 - SunOS 4.1.2, 4.1.3: C2 Jumbo Patch
J. 100723-01 - Solaris 2.0FCS/SunOS 5.0, install creates security holes

II. Patches upgraded for SunOS 4.1.3
A. 100296-04 - SunOS 4.1.1, 4.1.2, 4.1.3: netgroup exports to world
B. 100482-03 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: ypserv, ypxfrd
C. 100372-02 - SunOS 4.1.1, 4.1.2, 4.1.3: tfs and c2 do not work together
D. 100383-05 - SunOS 4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3: rdist security
enhancement
E. 100567-04 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: icmp redirects, mfree panic
F. 100630-01 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: login international,
su, LD_ environment variables
G. 100633-01 - SunOS 4.1.1, 4.1.2, 4.1.3: unbundled SunSHIELD ARM 1.0,
"LD_" environment variables can be used to exploit login/su,
International version.

==============================================================================

SPECIAL NOTE: Upgraded patches 100173-09, 100507-04, 100513-01, and
100567-04 all require that a new kernel be configured, made, and installed.
All four patches provide significant security enhancements. Note that the
installer need only build a new kernel once, after loading in the object files
(".o" files) from one or more of the mentioned patches.

==============================================================================

PATCHES THAT CONTAIN FIXES FOR NEW BUGS

A. Sun Patch ID: 100103-11, shell script modification of file permissions
to a more secure mode.
Sun Bug IDs: 1046817, 1047044, 1048142, 1054480, 1037153, 1039292, 1042662
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: The script for this patch has been tested on 4.1.3 and also
changes the permissions for two additional files:
/var/yp/`domainname`/mail.aliases.dir and
/var/yp/`domainname`/mail.aliases.pag.

Checksum of compressed tarfile 100103-11.tar.Z on ftp.uu.net = 19847 6


B. Sun Patch ID: 100173-09, NFS Jumbo Patch
Sun Bug IDs: 1039977, 1032959, 1029628, 1037476, 1038302, 1034328,
1045536, 1030884, 1045993, 1047557, 1052330, 1053679, 1041409,
1065361, 1066287, 1064433, 1070654, 1076985, 1095935, 1097593
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugid 1097593
Problem Description:
Bug 1097593 - Accessing NFS mounted files as root causes any application
not to be able to access the same file regardless of the file's
permissions.

Checksum of compressed tarfile 100173-09.tar.Z on ftp.uu.net = 28314 788


C. Sun Patch ID: 100201-06, C2 Jumbo Patch
Sun Bug IDs: 1059261, 1043667, 1040465, 1044204, 1040334, 1047131, 1049585,
1058378, 1063796, 1085851, 1097292
SunOS release: 4.1, 4.1.1 (Please refer to Patch 100564-05 for 4.1.2, 4.1.3)
Synopsis: Bug fixes for 1063796, 1085851, 1097292
Problem Description:
Bug 1063796 - when running C2 with NIS, yppasswd from a client system
incurs a 5-minute delay.
Bug 1085851 - a dynamically-linked program that is executed by a
setuid program has access to the caller's environment variables if
the setuid program sets the real UID equal to the effective UID and
the real GID equal to the effective GID before the dynamically-linked
program is executed.
Bug 1097292 - rpc.pwdauthd's core image contains plaintext passwords
and passwd.adjunct file.

Checksum of compressed tarfile 100201-06.tar.Z on ftp.uu.net = 13145 164


D. Sun Patch ID: 100267-09, international libc replacement with all 4.1.1
patches
Sun Bug IDs: 1034993, 1045471, 1033812, 1038500, 1050040, 1051619, 1053346,
1053356, 1052398, 1069731, 1069726, 1033104, 1069972, 1061071, 1054748,
1049421, 1070565, 1059039, 1072740, 1088455, 1041424, 1087375, 1053431,
1093261, 1091493
SunOS release: 4.1.1
Synopsis: Bug fixes for 1053431, 1093261, 1091493
Problem Description:
Bug 1053431 - innetgr may acknowledge false netgroup membership.
Bug 1093261 - undefined symbols when linking statically with "mblen()".
Bug 1091493 - mbtowc and mbstowcs give different results for same
character.

Checksum of compressed tarfile 100267-09.tar.Z on ftp.uu.net = 55338 5891


E. Sun Patch ID: 100305-10, passwd, lpd, lpr, delete, system, lpstat -v
Sun Bug IDs: 1016437, 1040453, 1057834, 1058003, 1059620, 1061504,
1063772, 1081850, 1081968, 1090527
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugid 1090527
Problem Description:
Bug 1090527 - lpstat -v only returns the second entry from printer
alias list.

Checksum of compressed tarfile 100305-10.tar.Z on ftp.uu.net = 28781 368


F. Sun Patch ID: 100377-05, sendmail Jumbo Patch
Sun Bug IDs: 1056203, 1030087, 1068637, 1085853, 1041284, 1092073,
1092650, 1093667, 1089670, 1084351
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugids 1093667,
1092650, 1092073, 1089670, 1084351
Problem Description:
Bug 1093667 - Sendmail doesn't generate error mail in error conditions.
Bug 1092650 - Sendmail truncates the header if the header length is
too long.
Bug 1092073 - sendmail loops on mail where name of recipient contains
eight bit character(s).
Bug 1089670 - Sendmail.mx doesn't handle subdomains.
Bug 1084351 - Sendmail gets 550 user unknown during "rcpt to" right
after reboot.

Checksum of compressed tarfile 100377-05.tar.Z on ftp.uu.net = 29141 1076


G. Sun Patch ID: 100507-04, tmpfs jumbo patch
Sun Bug IDs: 1038651, 1091294, 1089447, 1083412
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugid 1083412
Problem Description:
Bug 1083412 - copying files from an nfs mounted partition to a tmpfs
mount can result in security breach.

Checksum of compressed tarfile 100507-04.tar.Z on ftp.uu.net = 57590 61


H. Sun Patch ID: 100513-01, Jumbo tty patch
Sun Bug IDs: 1008324, 1040722, 1048128, 1060689, 1064320, 1069768, 1070495
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: This patch is a consolidation of patches 100225-02, 100194-02,
100397-01, 100188-02 (TIOCCONS), 100358-01, and 100414-01; it also
includes a fix for bugid 1064320. As such this patch supersedes
these previous patches.
Problem Description:
Bug 1064320 - in a 4/110 with ALM-2, null characters are not echoed
with a Hayes Smartmodem1200.
Bug 1008324 - TIOCCONS can be used to re-direct console output/input
away from "console" (for obsolete patch 100188-02).

Checksum of compressed tarfile 100513-01.tar.Z on ftp.uu.net = 20616 480


I. Sun Patch ID: 100564-05, C2 Jumbo Patch
Sun Bug IDs: 1040334, 1043667, 1058378, 1059261, 1063796, 1039587, 1097292
SunOS release: 4.1.2, 4.1.3 (Please refer to Patch 100201-06 for 4.1, 4.1.1)
Synopsis: Patch upgraded for SunOS 4.1.3 and fix for bugids 1097292 and
1006905
Problem Description:
Bug 1097292 - rpc.pwdauthd's core image contains plaintext passwords
and passwd.adjunct file.
Bug 1006905 - rpc.yppasswdd can sometimes corrupt passwd dbm files.

Checksum of compressed tarfile 100564-05.tar.Z on ftp.uu.net = 00115 824


J. Sun Patch ID: 100723-01, Solaris 2.0FCS install
Sun Bug IDs: 1098207
SunOS release: Solaris 2.0FCS/SunOS 5.0
Synopsis: Solaris 2.0FCS/SunOS 5.0 install creates security holes
Problem Description:
Bug 1098207 - Solaris 2.0FCS install procedures leave world-writable
directories, thus opening a path for normal users to gain root
privileges.

Note that this patch contains a README file only. The README file instructs
the installer to run the following command as root after the installation
of Solaris 2.0:

# pkgchk -f

The command above will correct improperly set directory and file attributes
created during the installation process.

Checksum of compressed tarfile 100723-01.tar.Z on ftp.uu.net = 22726 1
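
The bulletin does not say which tool produced the checksum pairs listed with each patch. Their shape (a 16-bit value followed by a block count) matches the output of the BSD `sum` command, so this added example, which is not part of Sun's bulletin, checks a downloaded tarfile under that assumption; the 1024-byte block size and the names `bsd_sum_update`, `bsd_blocks` and `verify_patch` are also assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* One pass of BSD sum(1): rotate the 16-bit sum right one bit, add the byte. */
unsigned bsd_sum_update(unsigned sum, const unsigned char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        sum = (sum >> 1) | ((sum & 1u) << 15);
        sum = (sum + buf[i]) & 0xFFFFu;
    }
    return sum;
}

/* File size as a block count: 1024-byte blocks, rounded up (assumed size). */
unsigned long bsd_blocks(unsigned long nbytes)
{
    return (nbytes + 1023UL) / 1024UL;
}

/* Compare a file with a "checksum blocks" pair as printed in the bulletin.
 * Returns 1 on match, 0 on mismatch, -1 if the file cannot be read. */
int verify_patch(const char *path, unsigned want_sum, unsigned long want_blocks)
{
    unsigned char buf[4096];
    unsigned sum = 0;
    unsigned long total = 0;
    size_t got;
    int bad;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return -1;
    while ((got = fread(buf, 1, sizeof buf, fp)) > 0) {
        sum = bsd_sum_update(sum, buf, got);
        total += got;
    }
    bad = ferror(fp);                  /* note a read error before closing */
    fclose(fp);
    return bad ? -1 : (sum == want_sum && bsd_blocks(total) == want_blocks);
}

/* Usage: ./sumcheck 100103-11.tar.Z 19847 6 */
int main(int argc, char **argv)
{
    if (argc != 4) { fprintf(stderr, "usage: %s file sum blocks\n", argv[0]); return 2; }
    int r = verify_patch(argv[1], (unsigned)strtoul(argv[2], NULL, 10), strtoul(argv[3], NULL, 10));
    puts(r == 1 ? "checksum OK" : r == 0 ? "MISMATCH: do not install" : "cannot read file");
    return r == 1 ? 0 : 1;
}
```

A 16-bit rotating checksum detects transfer corruption only; it offers no protection against a deliberately altered tarfile.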

==============================================================================

UPGRADED PATCH INFORMATION FOR SUNOS 4.1.3 COMPATIBILITY


A. Sun Patch ID: 100296-04, netgroup exports to world
Sun Bug IDs: 2000680, 1044852, 1048890, 1047410
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3

Checksum of compressed tarfile 100296-04.tar.Z on ftp.uu.net = 42492 40


B. Sun Patch ID: 100482-03, ypserv and ypxfrd security patch
Sun Bug IDs: 1036869, 1039839, 1082319, 1082320, 1080353
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3

Please note that the /var/yp/securenets configuration file that is provided
in this patch does not support blank lines.

Checksum of compressed tarfile 100482-03.tar.Z on ftp.uu.net = 27837 342


C. Sun Patch ID: 100372-02, tfs and c2 do not work together
Sun Bug IDs: 1052574
SunOS release: 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.2 and 4.1.3 compatibility

Checksum of compressed tarfile 100372-02.tar.Z on ftp.uu.net = 22739 712


D. Sun Patch ID: 100383-05, rdist security enhancement
Sun Bug IDs: 1069497, 1074961
SunOS release: 4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Checksum of compressed tarfile 100383-05.tar.Z on ftp.uu.net = 52230 135


E. Sun Patch ID: 100567-04
Sun Bug IDs: 1087460, 1093937
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Checksum of compressed tarfile 100567-04.tar.Z on ftp.uu.net = 15728 11


F. Sun Patch ID: 100630-01, login international, su, LD_ environment variables
Sun Bug IDs: 1085851
SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Note that this patch contains the international version of /bin/login
that users who are not using the US Encryption Kit need to install.
Patch 100631-01 contains the domestic version of /bin/login. /usr/bin/su
and /usr/5bin/su from this international patch are suitable for
sites that use the US Encryption Kit. Export restrictions prevent
putting patch 100631-01 onto anonymous ftp sites. Please contact
your Sun Answer Center for patch 100631-01.

Checksum of compressed tarfile 100630-01.tar.Z on ftp.uu.net = 28074 39
Checksum of compressed tarfile 100631-01.tar.Z = 44444 25


G. Sun Patch ID: 100633-01, Unbundled SunSHIELD/ARM: login international, su,
LD_ environment variables
Sun Bug IDs: 1085851
SunOS release: 4.1.1, 4.1.2, 4.1.3; Unbundled Product: SunSHIELD, ARM
Synopsis: Patch upgraded for SunOS 4.1.3 compatibility

Checksum of compressed tarfile 100633-01.tar.Z on ftp.uu.net = 33264 20
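
Bug 1085851, listed under patches 100201-06, 100630-01 and 100633-01, concerns the caller's environment variables reaching a dynamically-linked program that is run from a setuid program. As an added illustration (not Sun's patch code and not part of the bulletin), this is one way a setuid program can build its child's environment from an allow-list so that no `LD_` variable is inherited; the `KEEP` list, the fixed `PATH` value and the name `scrub_env` are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy: the only inherited variables the child may see. */
static const char *const KEEP[] = { "TERM", "TZ", NULL };

/* Return 1 if "NAME=value" names a variable on the KEEP list. */
static int is_kept(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t len, i;
    if (eq == NULL || eq == entry)
        return 0;                        /* malformed entry: drop it */
    len = (size_t)(eq - entry);
    for (i = 0; KEEP[i] != NULL; i++)
        if (strlen(KEEP[i]) == len && strncmp(entry, KEEP[i], len) == 0)
            return 1;
    return 0;
}

/* Build the child's environment by allow-list, so no LD_* variable reaches
 * the run-time linker. Entries alias envp; the caller frees only the array. */
char **scrub_env(char *const envp[])
{
    size_t n = 0, out = 0, i;
    char **clean;
    while (envp[n] != NULL)
        n++;
    if ((clean = calloc(n + 2, sizeof *clean)) == NULL)
        return NULL;
    clean[out++] = (char *)"PATH=/usr/bin:/bin";   /* fixed, never inherited */
    for (i = 0; i < n; i++)
        if (is_kept(envp[i]))
            clean[out++] = envp[i];
    return clean;                        /* calloc supplied the NULL terminator */
}

int main(void)
{
    /* Constructed sample of what a caller might pass to a setuid program. */
    char *sample[] = { "LD_LIBRARY_PATH=/tmp/lib", "TERM=vt100", "PATH=/tmp", NULL };
    char **clean = scrub_env(sample);
    size_t i;
    for (i = 0; clean != NULL && clean[i] != NULL; i++)
        puts(clean[i]);                  /* a real program passes clean to execve() */
    free(clean);
    return 0;
}
```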

===========================================================================

Sun Microsystems acknowledges the Department of Energy's Computer Incident
Advisory Capability (CIAC), especially the efforts of Karyn Pichnarczyk,
for their assistance in and review of patch revision issues pertaining
to SunOS 4.1.3.

Sun Microsystems recommends that all customers concerned with the security
of their SunOS system(s) obtain and install the patches that are applicable
to their computing environment.

Kenneth L. Pon
Software Security Coordinator
Sun Microsystems Computer Corporation
