_______________________________________________________
              The Computer Incident Advisory Capability
                          ___  __ __    _     ___
                         /       |     / \   /
                         \___  __|__  /___\  \___
         _____________________________________________________
                         Information Bulletin
 
                        SunOS Security Patches
 
July 27, 1992 1500 PDT                                         Number C-28
__________________________________________________________________________
PROBLEMS: 1. Sparc integer multiplication and division can be used to
             gain root access.
          2. NFS UID type definition mismatch allows unauthorized root 
             access.
          3. ICMP redirect messages may be spoofed, causing network
             connections to be dropped.
PLATFORM: All Sun 3 and Sun 4 architectures running SunOS versions 
          4.1, 4.1.1, or 4.1.2
DAMAGE:   Unauthorized root access. Denial of service.
SOLUTION: Apply Sun Patches 100376-04, 100173-08, and 100567-02.
__________________________________________________________________________
          Critical Facts about New SunOS Security Patches

This bulletin supersedes CIAC Bulletin B-41.

CIAC has received information from Sun Microsystems regarding three
new security patches for SunOS versions 4.1, 4.1.1, and 4.1.2 on all
Sun 3 and Sun 4 architectures.  These patches close vulnerabilities
which permit both unauthorized root access and denial of network
service attacks.

The new patches are all upgraded versions of previous Sun patches,
fixing both newly discovered vulnerabilities and vulnerabilities not
completely removed by the previous versions.  CIAC recommends all three
patches be applied, even if previous versions have already been
installed.  Note also that, as these patches require regeneration of
the system kernel, you may wish to install all three patches at one
time.

The patches are available both through your local Sun Answer Center
and anonymous ftp.  In the U.S., ftp to ftp.uu.net and retrieve the
patches from the directory ~ftp/systems/sun/sun-dist.  In Europe, ftp
to mcsun.eu.net and retrieve the patches from the ~ftp/sun/fixes
directory.  The patches are contained in the compressed tarfiles
indicated below and have the indicated checksums (obtained using the
SunOS "sum" command).  Please note that Sun Microsystems occasionally
updates patch files, resulting in a changed checksum.  If you find
that the checksum differs from those listed below, please contact Sun
Microsystems or CIAC for verification before using the patch.

Patch Filename    Description                                 Checksum
---------------   -----------------------------------------   ---------
100376-04.tar.Z   Sparc integer multiplication and division   12884 100
100173-08.tar.Z   NFS Jumbo, UID truncation                   32716 562
100567-02.tar.Z   ICMP message spoofing                       23118  13

To install the patches on your system, follow the instructions contained in
the README files which accompany each patch.

For additional information or assistance, please contact CIAC at 
(510) 422-8193 / FTS or send e-mail to ciac@llnl.gov.  FAX messages to
(510) 423-8002 / FTS.

Previous CIAC bulletins and other information are available via
anonymous ftp from irbis.llnl.gov (ip address 128.115.19.60).

CIAC would like to thank both Gene Spafford of Purdue University and
Ken Pon of Sun Microsystems for their help with this bulletin.

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Some of the other teams include the NASA NSI response
team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team.  Your
agency's team will coordinate with CIAC.

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights.  Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.