
        _______________________________________________________
              The Computer Incident Advisory Capability
                          ___  __ __    _     ___
                         /       |     / \   /
                         \___  __|__  /___\  \___
         _____________________________________________________
                         Information Bulletin
 
               Sun Security Patches and Software Updates
 
March 19, 1993 1400 PST                                       Number D-11
__________________________________________________________________________
PROBLEM:  Security vulnerabilities in SunOS, DNI, and PC-NFS.
PLATFORM: All Sun platforms running SunOS 4.0.3 or later, including
          Solaris 2.0 and 2.1.
DAMAGE:   Unauthorized root access, denial of service, and other
          as detailed below.
SOLUTION: Apply Sun patches and/or obtain software upgrades.
__________________________________________________________________________
    Critical Facts about Sun Security Patches and Software Upgrades


CIAC has received information from Sun Microsystems regarding the
availability of new and updated security patches for the SunOS
operating system.  Sun Microsystems has also announced the availability
of new versions of its DECnet Interface (DNI) and PC-NFS software
packages that correct security vulnerabilities of previous releases.


PATCH INFORMATION
=================

Sun security patches are available through your local Sun Answer Center
and via anonymous ftp.  In the U.S., ftp to ftp.uu.net and retrieve the
patches from the /systems/sun/sun-dist directory.  In Europe, ftp to
mcsun.eu.net and retrieve the patches from the /sun/fixes directory.
The patches are contained in compressed tarfiles named [patch].tar.Z.
For example, if you wish to obtain patch 100891-01, the corresponding
compressed tarfile would be named 100891-01.tar.Z.

Each compressed tarfile has been checksummed using the SunOS "sum"
command.  After retrieving each patch, the checksum should be recomputed
and compared to those listed in this bulletin.  If you find that the
checksum for a patch differs from those listed below, please contact
Sun Microsystems or CIAC for confirmation before using the patch.
To install the patches, follow the instructions contained in the README
files that accompany each patch.
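The check above (recompute the SunOS "sum" of each retrieved tarfile and compare it with the Checksum column) can be scripted. The following is an added example, not part of the CIAC bulletin or any Sun tool. It assumes that SunOS 4.x `sum` is the BSD 16-bit rotating checksum reported with 1 KiB blocks (the algorithm GNU coreutils exposes as `sum -r`), parses the bulletin's own table rows, and fails closed when a patch is unlisted or either the checksum or the block count differs. The sample "downloaded" bytes are constructed so the script runs offline; the table rows are copied from this bulletin.

```python
#!/usr/bin/env python3
"""Recompute the SunOS "sum" checksum of a retrieved patch tarfile and
compare it with the Checksum column of the bulletin.

Added example; not part of the CIAC bulletin. Assumption: SunOS 4.x `sum`
is the BSD 16-bit rotating checksum printed as "<checksum> <1K-blocks>"
(the same algorithm as GNU coreutils `sum -r`)."""
import re
from typing import Dict, Optional, Tuple

BLOCK_SIZE = 1024  # assumption: 1 KiB blocks, as BSD sum / GNU `sum -r` report


def bsd_sum(data: bytes) -> Tuple[int, int]:
    """Return (checksum, blocks) as the BSD/SunOS `sum` command prints them."""
    checksum = 0
    for byte in data:
        # rotate the 16-bit accumulator right by one bit, then add the byte
        checksum = (checksum >> 1) | ((checksum & 1) << 15)
        checksum = (checksum + byte) & 0xFFFF
    blocks = (len(data) + BLOCK_SIZE - 1) // BLOCK_SIZE
    return checksum, blocks


# A bulletin table row: "<patch-id>  <checksum> <blocks>  <SunOS versions...>"
TABLE_ROW = re.compile(r"^(\d{6}-\d{2})\s+(\d{1,5})\s+(\d+)\s+")


def parse_bulletin_table(text: str) -> Dict[str, Tuple[int, int]]:
    """Collect {patch_id: (checksum, blocks)} from bulletin text.
    Indented description lines never match the row pattern and are skipped."""
    expected: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines():
        m = TABLE_ROW.match(line.strip())
        if m:
            expected[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return expected


def patch_id_from_filename(name: str) -> Optional[str]:
    """'100891-01.tar.Z' -> '100891-01'; None if the name is not a patch tarfile."""
    m = re.fullmatch(r"(\d{6}-\d{2})\.tar\.Z", name.rsplit("/", 1)[-1])
    return m.group(1) if m else None


def verify_patch(filename: str, data: bytes,
                 expected: Dict[str, Tuple[int, int]]) -> bool:
    """True only if both checksum and block count match the bulletin.
    An unlisted patch, or any difference, fails closed."""
    patch_id = patch_id_from_filename(filename)
    if patch_id is None or patch_id not in expected:
        return False
    return bsd_sum(data) == expected[patch_id]


# Rows copied from this bulletin's tables (real values).
BULLETIN_ROWS = """\
100891-01  33195 3075  4.1.3
           libc replacement - Corrects insecure handling of netgroups
100884-01  03775 2610  5.1 (Solaris 2.1)
100448-01  29285 5     4.1.1, 4.1.2, 4.1.3
"""

# Constructed stand-in for a downloaded tarfile so the script runs offline.
SAMPLE_PATCH = b"constructed stand-in for 100448-01.tar.Z\n" * 40


def demo() -> Tuple[bool, bool]:
    """(result against the real bulletin row, result against a row computed
    from the constructed bytes): expected (False, True)."""
    expected = parse_bulletin_table(BULLETIN_ROWS)
    mismatch = verify_patch("100448-01.tar.Z", SAMPLE_PATCH, expected)
    # Fabricated entry derived from the constructed bytes, to exercise the match path.
    expected_ok = dict(expected, **{"100448-01": bsd_sum(SAMPLE_PATCH)})
    match = verify_patch("100448-01.tar.Z", SAMPLE_PATCH, expected_ok)
    return mismatch, match


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        ok = verify_patch(sys.argv[1], blob, parse_bulletin_table(BULLETIN_ROWS))
        print(sys.argv[1], *bsd_sum(blob), "OK" if ok else "MISMATCH")
    else:
        print("demo (mismatch, match):", demo())
```

Run it as `python3 sumcheck.py 100891-01.tar.Z` against a retrieved tarfile, or with no argument for the offline demonstration. Note that `sum` is a 16-bit checksum, not a cryptographic hash: it reliably catches a truncated or corrupted transfer, but a deliberately substituted file can be made to carry the same value, which is why the bulletin tells you to confirm any mismatch with Sun or CIAC rather than treating the listed number as proof of origin.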

Patches Providing New or Additional Security Features
=====================================================

The following patches are either new security patches or new versions of
existing patches that provide additional security features or support
additional Sun platforms.  CIAC recommends the installation of all
applicable security patches.

Patch      Checksum    SunOS Versions
-----      --------    --------------
100891-01  33195 3075  4.1.3
           libc replacement - Corrects insecure handling of netgroups
           and fixes a bug in xlock that could cause it to crash and
           leave the system unprotected.

100884-01  03775 2610  5.1 (Solaris 2.1)
           Closes security vulnerability with the srmmu window handler.

100833-02  49753 155   5.1 (Solaris 2.1)
           Required for use of Sun's unbundled Basic Security Module
           (BSM) with Solaris 2.1.

100623-03  56063 141   4.1.2, 4.1.3
           UFS Jumbo Patch - Non-random file handles can be guessed.  
           This patch should be applied after the most recent version
           of 100173.

100448-01  29285 5     4.1.1, 4.1.2, 4.1.3
           OpenWindows 3.0 loadmodule Patch - This release adds 
           support for SunOS 4.1.3.  Sites running SunOS 4.1.1 or 
           4.1.2 do not need to install this patch again if it was 
           previously installed.

100305-11  38582 500   4.1, 4.1.1, 4.1.2, 4.1.3
           This patch fixes incorrect user ID checking in
           /usr/ucb/lpr.

100121-09  57589 360   4.1
           NFS Jumbo Patch - This patch adds support for sun4e
           architectures.  Other architectures need not reinstall
           the patch if a previous version was installed.

Patches Updated with Non-security Features
==========================================

The following security patches have been updated with non-security
related enhancements.  Systems with previous versions of these patches
already installed do not need to install the new versions unless the
additional non-security related enhancements are desired.

Patch      Checksum    SunOS Versions
-----      --------    --------------
100513-02  34315 483   4.1, 4.1.1, 4.1.2, 4.1.3
           Jumbo tty Patch - This release fixes a tty bug that can
           cause system crashes.  Previous releases corrected a
           vulnerability that allowed console input and output
           to be redirected.

100482-04  06594 342   4.1, 4.1.1, 4.1.2, 4.1.3
           ypserv and ypxfrd security patch - Corrects DNS lookup
           failures that occur when a host is up but has no
           nameserver running.  Previous releases of this patch 
           corrected a condition that allowed NIS to distribute maps,
           including the password map, to anyone.  Note: the 
           /var/yp/securenets configuration file cannot contain blank
           lines.

100452-28  07299 1688  4.1, 4.1.1, 4.1.2, 4.1.3
           XView 3.0 Jumbo Patch - This release fixes several 
           OpenWindows and XView bugs, including problems with 
           mailtool and filemgr.  Previous releases corrected a
           problem with cmdtool that allowed the disclosure of
           passwords.

100383-06  58984 121   4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3
           rdist Patch - This release allows /usr/ucb/rdist to 
           transfer hard linked files.  Previous releases of this 
           patch corrected a bug that allowed users to gain root 
           access.

100224-06  57647 54    4.1.1, 4.1.2, 4.1.3
           /bin/mail Jumbo Patch - This release corrects a problem
           that caused /bin/mail to crash.  Previous releases
           corrected a problem that allowed /bin/mail to be used to 
           invoke a root shell.

100173-10  48086 788   4.1.1, 4.1.2, 4.1.3
           NFS Jumbo Patch - This release corrects poor NFS write
           append performance.  Previous versions of this patch
           corrected a bug with the handling of setuid programs
           copied to NFS file systems.


DECnet Interface (DNI) Update
=============================
Versions of Sun's DNI product prior to 7.0.1 are known to have two 
security vulnerabilities:
  - dni_rc_ins creates an rc script with world writable permissions.
  - Files copied to VAX/VMS systems using dnicp are assigned
    incorrect permissions.  
To close the vulnerabilities, Sun recommends that you upgrade to DNI
version 7.0.1.  Sun has distributed the upgrade free of charge to all
customers with a DNI support contract.  Those customers not on
software support should obtain the upgrade through their standard Sun
sales channels.
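Upgrading to DNI 7.0.1 stops dni_rc_ins from creating further world-writable rc scripts, but an rc script it already left behind keeps its permissions until someone fixes them. The following audit is an added example, not from the bulletin or from Sun: it lists regular files with the world-write bit set under the given startup directories, using lstat so a symbolic link's own mode is what is judged. The directory list and the constructed temporary files in demo() are assumptions for illustration; on a SunOS host you would pass /etc (where rc, rc.local and rc.boot live) or wherever the DNI installer placed its script.

```python
#!/usr/bin/env python3
"""List world-writable regular files under startup directories.

Added example; not part of the CIAC bulletin or of Sun's DNI product."""
import os
import stat
import tempfile
from typing import List

# Assumption: SunOS 4.x rc scripts live in /etc; adjust for the audited host.
DEFAULT_DIRS = ["/etc"]


def world_writable_files(directories: List[str]) -> List[str]:
    """Return sorted paths of regular files with the o+w bit set.
    Symlinks are not followed, so a link's target mode is never reported as the link's."""
    hits: List[str] = []
    for directory in directories:
        for root, _subdirs, files in os.walk(directory):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # unreadable or vanished entry: skip, keep auditing
                if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                    hits.append(path)
    return sorted(hits)


def demo() -> List[str]:
    """Build two constructed rc scripts in a temporary directory, one left
    world-writable (0666) and one with a sane mode (0644), and return the
    basenames the audit flags. Expected: ['rc.local']."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("rc.local", 0o666), ("rc.boot", 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w") as f:
                f.write("# constructed rc script for the demo\n")
            os.chmod(path, mode)
        return [os.path.basename(p) for p in world_writable_files([tmp])]


if __name__ == "__main__":
    import sys
    dirs = sys.argv[1:] or DEFAULT_DIRS
    for path in world_writable_files(dirs):
        print("world-writable:", path)
```

Run `python3 rcaudit.py /etc` (or any directories holding startup scripts) and chmod o-w each reported file after confirming what it is; a startup script that any local user can edit runs that user's text as root at the next boot, which is the risk the DNI fix removes at its source.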


PC-NFS Update
=============
The PC-NFS printing and authentication daemon pcnfsd allows
unauthorized access to the system.  It is recommended that sites with
pcnfsd installed upgrade to the latest version.

The latest version of pcnfsd may be obtained free of charge via
anonymous ftp from bcm.tmc.edu in the /pcnfs directory and from
src.doc.ic.ac.uk in the /pub/sun/pc-nfs directory in a file named
pcnfsd.93.02.16.tar.Z.


For additional information or assistance, please contact CIAC at 
(510) 422-8193 / FTS or send E-mail to ciac@llnl.gov.  FAX
messages to (510) 423-8002 / FTS.

Previous CIAC bulletins and other information are available via
anonymous ftp from irbis.llnl.gov (IP address 128.115.19.60).

CIAC wishes to thank Ken Pon and Mark Allen of Sun Microsystems for
their assistance in the preparation of this bulletin.

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Your agency's team will coordinate with CIAC.  The Forum
of Incident Response and Security Teams (FIRST) is a world-wide
organization.  A list of FIRST member organizations and their
constituencies can be obtained by sending email to docserver@first.org
with an empty subject line and a message body containing the line:
send first-contacts.

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights.  Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.
