.po 1.2i
.ls 1
.nh
.fo ''-%-'89/06/09'
.ce
\fBNOTICE OF AVAILABILITY OF SUN PATCH FOR RCP AND RDIST\fR
.ce
\*(td
.sp 1
.pp
Several weeks ago, the DOE Computer Incident Advisory Capability (CIAC) reported a 
UNIX security problem involving rcp and rdist in 4.3BSD, 4.3BSD-tahoe, 
and all versions of UNIX using BSD networking code, as well as SunOS (all 
versions).  Patches for BSD but not SUN systems were available at the
time you received an announcement about the rcp and rdist 
vulnerabilities.  However, patches for SUN3 and SUN4 systems are now
available.  You may obtain these patches from several sources, to 
be described shortly.
.nr ii -8n
.ip
\fBTo transfer the patches:\fR
.nr ii 4n
.np 
Log in to your local SUN machine.
.np 
Get into the directory into which you want the patches to be transferred.
You can accomplish this by typing: \fIcd\fR "dir", where "dir"
is the name of the directory to which you want to copy the patches.
.np
Use one of the following options:
.nr ii -8n
.ip
\fBOPTION I- Transfer the Patches from uunet.uu.net\fR
.nr 4n
.nr ii .5i
.ip (a) 
\fBType: \fIftp uunet.uu.net \fR  <RETURN>
.ip
The remote system will prompt you as follows:
.(l
	   Name: 
	   \fBtype:\fI anonymous\fR <RETURN>
	   Passwd:
	   \fBtype:\fI guest\fR <RETURN>
	   ftp>
.)l
.nr ii .5i
.ip (b) 
When you get an "ftp>" prompt then 
.(l 
    \fBType: \fIcd sun-fixes\fR <RETURN>
    and then type: \fIls\fR <RETURN>
    (this will help you see what directory you are in.)
.)l
.nr ii .5i
.ip (c)
Then \fBtype: \fItype image\fR <RETURN>
.nr ii .5i
.ip (d) 
Now you are ready to copy the patches. 
.(l
If you are running a SUN3 system, i.e. 68020., 
\fBType: \fIget \fRrcp.sun3.Z <RETURN>
Or for SUN4 systems, i.e. SPARC architecture.,
\fBtype: \fIget \fRrcp.sun4.Z <RETURN>
.ip
Do the same for: \fIget \fR"rdist.sun3.Z" <RETURN> 
.ip
or \fIget \fR"rdist.sun4.Z" <RETURN>
.ip (e) 
Finally \fBtype: \fIquit\fR <RETURN>
.sp 2
.nr ii -8n
.bp
.ip
\fBOPTION II- Transfer the patches from lll-crg.llnl.gov\fR
.sp
If you cannot connect to uunet.uu.net, then try the following:
.pp
.nr ii 4n
.ip (a)
\fBType:\fI ftp lll-crg.llnl.gov\fR <RETURN>
.ip
The remote system will prompt you as follows:
.(l
	   Name:
	   \fBtype:\fI anonymous\fR <RETURN>
	   Passwd:
	   \fBtype:\fI guest\fR <RETURN>
	   ftp>
.)l
.ip (b)
\fBType: \fIcd sun\fR <RETURN> 
.ip (c)
\fBGet\fR the files as shown above. (Refer to I.c and I.d above)
.ip (d)
Finally \fBtype: \fIquit\fR <RETURN>
.sp 
.nr ii -8n
.ip
\fBTo install the patches on your system:\fR
.ip
After you get the patches and are back to your local machine, do the following: 
.ps
.nr ii 4n
.pp
.nr ii .5i
.ip (1)
\fBMake your files readable.\fR
.ip 
\fBType:\fI uncompress rcp.sun3.Z.\fR <RETURN>
.ip 
\fBType:\fI uncompress rdist.sun3.Z.\fR <RETURN>
.ip 
the \fIrdist.sun3.Z\fR is for SUN3 systems, if you have a SUN4 
it will be \fIrdist.sun4.Z\fR. The same naming rule is being 
used on \fIrcp.sun3.Z\fR.
.nr ii .5i
.ip (2)
\fBReplace the original rcp and rdist.\fR
.ip
You can achieve this by:
.(l
2.1) \fBType:\fI whereis rcp\fR <RETURN>
   Your computer will return a pathname such as: /usr/ucb/rcp.
   Write down that pathname.
2.2) Do the same for "rdist". \fBType:\fI whereis rdist\fR <RETURN>
2.3) \fBType:\fI cp "rcp-pathname" "rcp-pathname.orig"\fR <RETURN>
   (where "rcp-pathname" is the pathname from step 2.1 above.)
   \fBType:\fI cp "rdist-pathname" "rdist-pathname.orig"\fR <RETURN>
   (where "rdist-pathname" is the pathname from step 2.2 above.)
   \fBType:\fI cp rcp.sun3 "rcp-pathname" <RETURN>
   \fBType:\fI cp rdist.sun3 "rcp-pathname"\fR <RETURN>
.)l
.pp
You can now test these utilities.  
If you cannot connect to either uunet.uu.net or lll-crg.llnl.gov via the network  
or need further assistance, 
please contact:
.(l 
     Ana Maria De Alvare'
     anamaria@lll-lcc.llnl.gov
     (415) 422-7007 or (FTS) 532-7007

     or send e-mail to:

     ciac@tiger.llnl.gov

.)l