-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>> CERT-NL, 01-Mar-2000                                                      <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links   <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the      <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts: http://www.cert.org                      <<
===============================================================================

===============================================================================
  Security Advisory CERT-NL
===============================================================================
Author/Source : CERT-NL (Erik-Jan Bos)          Index         : S-93-10
Distribution  : World                           Page          : 1
Classification: External                        Version       : Final
Subject       : Sun Security Patches and Software Updates
Date          : 24-Mar-93
===============================================================================

CERT-NL has received information from Sun Microsystems regarding the
availability of new and updated security patches for the SunOS operating
system. Sun Microsystems has also announced the availability of new versions
of its DECnet Interface (DNI) and PC-NFS software packages that correct
security vulnerabilities of previous releases.

PATCH INFORMATION
=================

Sun security patches are available through your local Sun Answer Center and
via anonymous ftp. In The Netherlands you can use anonymous ftp to
ftp.nic.surfnet.nl [192.87.46.3] and retrieve the patches from the
netman/cert-nl/sun-fixes directory.

The patches are contained in compressed tarfiles named [patch].tar.Z. For
example, if you wish to obtain patch 100891-01, the corresponding compressed
tarfile would be named 100891-01.tar.Z. Each compressed tarfile has been
checksummed using the SunOS "sum" command.
After retrieving each patch, the checksum should be recomputed and compared
to those listed in this bulletin. If you find that the checksum for a patch
differs from those listed below, please contact Sun Microsystems or CERT-NL
for confirmation before using the patch.

To install the patches, follow the instructions contained in the README
files that accompany each patch.

Patches Providing New or Additional Security Features
=====================================================

The following patches are either new security patches or new versions of
existing patches that provide additional security features or support
additional Sun platforms. CERT-NL recommends the installation of all
applicable security patches.

Patch       Checksum      SunOS Versions
-----       --------      --------------
100891-01   33195  3075   4.1.3
            libc replacement - Corrects insecure handling of netgroups and
            fixes a bug in xlock that could cause it to crash and leave the
            system unprotected.

100884-01   03775  2610   5.1 (Solaris 2.1)
            Closes security vulnerability with the srmmu window handler.

100833-02   49753   155   5.1 (Solaris 2.1)
            Required for use of Sun's unbundled Basic Security Module (BSM)
            with Solaris 2.1.

100623-03   56063   141   4.1.2, 4.1.3
            UFS Jumbo Patch - Non-random file handles can be guessed. This
            patch should be applied after the most recent version of 100173.

100448-01   29285     5   4.1.1, 4.1.2, 4.1.3
            OpenWindows 3.0 loadmodule Patch - This release adds support for
            SunOS 4.1.3. Sites running SunOS 4.1.1 or 4.1.2 do not need to
            install this patch again if it was previously installed.

100305-11   38582   500   4.1, 4.1.1, 4.1.2, 4.1.3
            This patch fixes incorrect user ID checking in /usr/ucb/lpr.

100121-09   57589   360   4.1
            NFS Jumbo Patch - This patch adds support for sun4e
            architectures. Other architectures need not reinstall the patch
            if a previous version was installed.
Patches Updated with Non-security Features
==========================================

The following security patches have been updated with non-security related
enhancements. Systems with previous versions of these patches already
installed do not need to install the new versions unless the additional
non-security related enhancements are desired.

Patch       Checksum      SunOS Versions
-----       --------      --------------
100513-02   34315   483   4.1, 4.1.1, 4.1.2, 4.1.3
            Jumbo tty Patch - This release fixes a tty bug that can cause
            system crashes. Previous releases corrected a vulnerability that
            allowed console input and output to be redirected.

100482-04   06594   342   4.1, 4.1.1, 4.1.2, 4.1.3
            ypserv and ypxfrd security patch - Corrects incorrect DNS lookup
            failures when a host is up but has no nameserver running.
            Previous releases of this patch corrected a condition that
            allowed NIS to distribute maps, including the password map, to
            anyone. Note: the /var/yp/securenets configuration file cannot
            contain blank lines.

100452-28   07299  1688   4.1, 4.1.1, 4.1.2, 4.1.3
            XView 3.0 Jumbo Patch - This release fixes several OpenWindows
            and XView bugs, including problems with mailtool and filemgr.
            Previous releases corrected a problem with cmdtool that allowed
            the disclosure of passwords.

100383-06   58984   121   4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3
            rdist Patch - This release allows /usr/ucb/rdist to transfer
            hard linked files. Previous releases of this patch corrected a
            bug that allowed users to gain root access.

100224-06   57647    54   4.1.1, 4.1.2, 4.1.3
            /bin/mail Jumbo Patch - This release corrects a problem that
            caused /bin/mail to crash. Previous releases corrected a problem
            that allowed /bin/mail to be used to invoke a root shell.

100173-10   48086   788   4.1.1, 4.1.2, 4.1.3
            NFS Jumbo Patch - This release corrects poor NFS write append
            performance. Previous versions of this patch corrected a bug
            with the handling of setuid programs copied to NFS file systems.
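The verification step the bulletin asks for (retrieve the tarfile, recompute
the "sum" figures, compare them with the table) can be automated. The
following Python is an added example, not part of the original bulletin or of
Sun's patch tooling. It assumes that SunOS "sum" computes the classic BSD
16-bit rotating checksum and reports the size in 512-byte blocks; the table
excerpt embedded in it is constructed in the layout of the tables above, and
the sample "patch" bytes are a constructed stand-in, not a real Sun patch.

```python
import re

# Constructed excerpt in the layout of the advisory's patch tables: patch id,
# then the two numbers SunOS "sum" prints (16-bit checksum, block count),
# then the SunOS versions the patch applies to.
ADVISORY_TABLE = """\
100891-01   33195  3075   4.1.3
100884-01   03775  2610   5.1 (Solaris 2.1)
100623-03   56063   141   4.1.2, 4.1.3
100448-01   29285     5   4.1.1, 4.1.2, 4.1.3
"""

# A table row starts with a six-digit patch id and a two-digit revision.
TABLE_RE = re.compile(r"^(\d{6}-\d{2})\s+(\d{5})\s+(\d+)\s+(.*)$")


def parse_patch_table(text):
    """Map '<patch>.tar.Z' -> (checksum, blocks) from advisory-style lines.

    Lines that do not start with a patch id (headings, description text)
    are skipped, so the whole bulletin section can be fed in unchanged.
    """
    expected = {}
    for line in text.splitlines():
        m = TABLE_RE.match(line.strip())
        if m:
            patch, cksum, blocks, _versions = m.groups()
            expected[f"{patch}.tar.Z"] = (int(cksum), int(blocks))
    return expected


def bsd_sum(data):
    """16-bit rotating checksum of the BSD 'sum' command.

    Assumption: SunOS 4.x sum uses this algorithm. For every byte the
    running sum is rotated right by one bit, the byte is added, and the
    result is truncated to 16 bits ('sum -r' on System V and GNU systems).
    """
    s = 0
    for b in data:
        s = ((s >> 1) | ((s & 1) << 15)) + b
        s &= 0xFFFF
    return s


def block_count(nbytes, block_size=512):
    """Second number printed by sum: the file size rounded up to whole
    blocks (assumption: 512-byte blocks, as SunOS 4 sum reports)."""
    return (nbytes + block_size - 1) // block_size


def verify_patch(name, data, expected):
    """Return 'ok', 'mismatch' or 'unknown' for a retrieved tarfile.

    A 'mismatch' is the case the bulletin says to report to Sun or CERT-NL
    before installing; 'unknown' means the bulletin lists no figures for it.
    """
    if name not in expected:
        return "unknown"
    actual = (bsd_sum(data), block_count(len(data)))
    return "ok" if actual == expected[name] else "mismatch"


if __name__ == "__main__":
    table = parse_patch_table(ADVISORY_TABLE)
    # Constructed stand-in for a downloaded patch: not a real Sun patch.
    fake = b"not a real patch" * 100
    table["example-00.tar.Z"] = (bsd_sum(fake), block_count(len(fake)))
    print(verify_patch("example-00.tar.Z", fake, table))          # ok
    print(verify_patch("example-00.tar.Z", fake + b"x", table))   # mismatch
    print(verify_patch("100891-01.tar.Z", fake, table))           # mismatch
```

Note that a 16-bit checksum only detects accidental corruption in transfer;
it is what the bulletin provides, and the bulletin's own advice (confirm any
difference with Sun or CERT-NL before installing) is the right response to a
mismatch.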
DECnet Interface (DNI) Update
=============================

Versions of Sun's DNI product prior to 7.0.1 are known to have two security
vulnerabilities:

- dni_rc_ins creates an rc script with world writable permissions.
- Files copied to VAX/VMS systems using dnicp are assigned incorrect
  permissions.

To close the vulnerabilities, Sun recommends that you upgrade to DNI version
7.0.1. Sun has distributed the upgrade free of charge to all customers with a
DNI support contract. Those customers not on software support should obtain
the upgrade through their standard Sun sales channels.

PC-NFS Update
=============

The PC-NFS printing and authentication daemon pcnfsd allows unauthorized
access to the system. It is recommended that sites with pcnfsd installed
upgrade to the latest version.

The latest version of pcnfsd may be obtained free of charge via anonymous ftp
from bcm.tmc.edu in the /pcnfs directory and from src.doc.ic.ac.uk in the
/pub/sun/pc-nfs directory in a file named pcnfsd.93.02.16.tar.Z.

CERT-NL wishes to thank Ken Pon and Mark Allen of Sun Microsystems for their
assistance in the preparation of this bulletin. Furthermore, CERT-NL wishes to
thank CIAC for bringing this information to the attention of CERT-NL.

==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under: http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100
in winter and UTC+0200 in summer (DST).
Email:     cert-nl@surfnet.nl         ATTENDED REGULARLY ALL DAYS
Phone:     +31 302 305 305            BUSINESS HOURS ONLY
Fax:       +31 302 305 329            BUSINESS HOURS ONLY
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

EMERGENCIES : 06 22 92 35 64          ATTENDED AT ALL TIMES
EMERGENCIES : +31 6 22 92 35 64       ATTENDED AT ALL TIMES

CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE
FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN
AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6WBDSYjBqwfc9jEQLojwCgyEb4idrR+gPFNBGUr8IcZtImHFwAoJgR
HXCpmGxthJJ4UzTEGPC87l69
=aeRD
-----END PGP SIGNATURE-----