TUCoPS :: SunOS/Solaris :: ciacd004.txt

SunOS 18 Patches

        _____________________________________________________
             The Computer Incident Advisory Capability
                         ___  __ __    _     ___
                        /       |     / \   /
                        \___  __|__  /___\  \___
        _____________________________________________________
                           INFORMATION BULLETIN 

       18 New and Upgraded Security Patches Available For SunOS

November 11, 1992, 1200 PST                                   Number D-04

______________________________________________________________________________
PROBLEMS:  Various security vulnerabilities.
PLATFORMS: SunOS 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3 and 5.0 (Solaris 2.0FCS).
DAMAGE:    Unauthorized root access and privileges, denial of service,
	   other damage as noted below.
SOLUTION:  Apply Sun Patches as described.
______________________________________________________________________________
       Critical Information about SunOS Security Patches

CIAC has received information from Sun Microsystems regarding the
availability of the following eighteen security patches for SunOS
versions 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3 and Solaris 2.0FCS (which
contains SunOS 5.0).

The patches are available through your local Sun Answer Center and
via anonymous ftp.  In the U.S., ftp to ftp.uu.net and retrieve the
patches from the /systems/sun/sun-dist directory.  In Europe, ftp to
mcsun.eu.net and retrieve the patches from the ~ftp/sun/fixes
directory.  The patches are contained in compressed tar files named
[patch].tar.Z.  For example, if you wish to obtain patch 100103-11,
the tarfile would be 100103-11.tar.Z.  Each patch has been checksummed
using the SunOS "sum" command so its validity can be verified by the
end user.  If you find that the checksum differs from that listed
below, please contact Sun Microsystems or CIAC for confirmation before
using the patch.  To install the patches on your system, follow the
instructions contained in the README files which accompany each patch.


The following ten patches (except for the last, which is a new patch)
are new revisions, superseding older patch versions, and they all
include fixes for new bugs.  All designated versions of SunOS should
be upgraded with these patches.  Refer to the CIAC bulletins listed,
or contact CIAC for more information on each vulnerability.  A brief
description of each patch is provided.

Patch      Checksum    SunOS Versions                   CIAC Bulletins 
-----      --------    --------------                   --------------
100103-11  19847 6     4.1.3, 4.1.2, 4.1.1, 4.1         B-26
           A shell script modifies file permissions to a more secure
           mode.  The script changes the permissions for two
           additional files:  
	   /var/yp/`domainname`/mail.aliases.dir and
           /var/yp/`domainname`/mail.aliases.pag

100173-09  28314 788   4.1.3, 4.1.2, 4.1.1, 4.1         C-28
           NFS jumbo patch - Repairs a problem when accessing NFS
           mounted files as root.  This patch requires that a new
           kernel be configured, made and installed.  The installer
           needs to build a new kernel only once even if multiple
           patches are installed, as long as all the object files
           (".o" files) from all patches are loaded.  

100267-09  55338 5891  4.1.1                           (contact CIAC)
           This is the international version of the libc replacement
           with all 4.1.1 patches.  New bug fixes include: innetgr may
           acknowledge false netgroup membership, undefined symbols
           when linking statically with "mblen()", mbtowc and mbstowcs
           give different results for same character. 

100305-10  28781 368   4.1.3, 4.1.2, 4.1.1, 4.1         B-30, B-33 
           Fix for lpr, lpd, lpstat -v, passwd, delete, and system.
           This patch also contains a new bug fix for lpstat -v. 

100377-05  29141 1076  4.1.3, 4.1.2, 4.1.1, 4.1         C-26, A-16
           sendmail jumbo patch - Fixes sendmail, sendmail.mx 
           Remedies five new bugs in sendmail.

100507-04  57590 61    4.1.3, 4.1.2, 4.1.1             (contact CIAC)
           tmpfs jumbo patch - Copying files from an NFS mounted
           partition to a tmpfs mount can result in a security breach.
           This patch requires that a new kernel be configured, made
           and installed.  The installer needs to build a new kernel
           only once even if multiple patches are installed, as long
           as all the object files (".o" files) from all patches are
           loaded. 

100513-01  20616 480   4.1.3, 4.1.2, 4.1.1, 4.1         B-10
           tty jumbo patch - Consolidates many patches, including
           security patch 100188-02 (TIOCCONS redirection of console
           output/input).  This patch requires that a new kernel be
           configured, made and installed.  The installer needs to
           build a new kernel only once even if multiple patches are
           installed, as long as all the object files (".o" files)
           from all patches are loaded.

100201-06  13145 164   4.1.1, 4.1                      (contact CIAC)
           C2 jumbo patch - Fixes delay with yppasswd when running C2
           with NIS, unprivileged access to environment variables, and
           a problem where an image contains plaintext passwords and
           passwd.adjunct file.   

100564-05  00115 824   4.1.3, 4.1.2                    (contact CIAC)
           C2 jumbo patch - Fixes problem where an image contains
           plaintext passwords and passwd.adjunct file.

100723-01  22726 1     Solaris 2.0FCS/SunOS 5.0         new patch
           The Solaris 2.0FCS install leaves world-writable
           directories.  NOTE: this patch contains a README file only.
           The README instructs the installer to run the following
           command as root after the installation of 
           Solaris 2.0FCS/SunOS 5.0:   #pkgchk -f
           correcting directory and file attributes incorrectly
           set during the installation process. 

           
The following patch is an upgrade for compatibility with SunOS
versions 4.1.2 and 4.1.3.  If you have a pre-4.1.2 system and have
previously loaded this patch, you need not apply this to your system. 

100372-02  22739 712   4.1.3, 4.1.2, 4.1.1             (contact CIAC)
           tfs and C2 do not work together.  This patch is provided
           for C2 security, and is only necessary if you use C2 with
           tfs (translucent file service). 


The following seven patches are upgraded to be compatible with SunOS
4.1.3.  If you have a pre-4.1.3 system and have previously loaded
these patches, you need not apply these to your system.

100296-04  42492 40    4.1.3, 4.1.2, 4.1.1              C-06
           Netgroup exports to world.

100482-03  27837 342   4.1.3, 4.1.2, 4.1.1, 4.1         C-25
           ypserv, ypxfrd.  Note: the /var/yp/securenets configuration
           file provided with this patch does not support blank lines. 

100383-05  52230 135   4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3  C-04, C-08 
           rdist security enhancement.

100567-04  15728 11    4.1.3, 4.1.2, 4.1.1, 4.1         C-28
           icmp redirects, mfree panic. This patch requires that a new
           kernel be configured, made and installed.  The installer
           needs to build a new kernel only once even if multiple
           patches are installed, as long as all the object files
           (".o" files) from all patches are loaded.   

100630-01  28074 39    4.1.3, 4.1.2, 4.1.1, 4.1         C-26
100631-01  44444 25    4.1.3, 4.1.2, 4.1.1, 4.1         C-26  
           login, su, LD_ environment variables.
           100630-01 is the international version of /bin/login for
           systems not using the US Encryption Kit.  /usr/bin/su and
           /usr/5bin/su from the international version are suitable
           for sites that use the US Encryption Kit.
           100631-01 is the domestic version.  To obtain 100631-01,
           contact your local Sun Answer Center.

100633-01  33264 20    4.1.3, 4.1.2, 4.1.1             (contact CIAC)
           Unbundled SunSHIELD ARM 1.0, "LD_" environment variables
           can be used to exploit login/su, international version. 


If you require additional assistance or wish to report a vulnerability,
call CIAC at (510) 422-8193 or send e-mail to ciac@llnl.gov. FAX
messages to: (510) 423-8002.

For emergencies only, call 1-800-SKYPAGE and enter PIN number
855-0070 (primary) or 855-0074 (secondary).

The CIAC Bulletin Board, Felicia, can be accessed at 1200 or 2400
baud at (510) 423-4753 and 9600 baud at (510) 423-3331.
Previous CIAC bulletins and other information is available via
anonymous ftp from irbis.llnl.gov (ip address 128.115.19.60).  

CIAC wishes to thank Ken Pon of Sun Microsystems for the information
used in this bulletin.

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Some of the other teams include the NASA NSI response
team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team.
Your agency's team will coordinate with CIAC. The Forum of Incident
Response and Security Teams (FIRST) is a world-wide organization. A
list of FIRST member organizations and their constituencies can be
obtained by sending email to Docserver@First.Org with a null subject
line, and the first line of the message reading: send first-contacts.

This document was prepared as an account of work sponsored by an agency
of the United States Government.  Neither the United States Government
nor the University of California nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights. Reference herein to any
specific commercial products, process, or service by trade name,
trademark manufacturer, or otherwise, does not necessarily constitute or
imply its endorsement, recommendation, or favoring by the United States
Government or the University of California.  The views and opinions of
authors expressed herein do not necessarily state or reflect those of
the United States Government nor the University of California, and shall
not be used for advertising or product endorsement purposes.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH