-----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,MIC-CLEAR Content-Domain: RFC822 Originator-Certificate: MIICozCCAgwCAREwDQYJKoZIhvcNAQECBQAwgYYxC zAJBgNVBAYTAlVTMSswKQYDVQQKEyJEZWZlbnNlIEluZm9ybWF0aW9uIFN5c3Rlb XMgQWdlbmN5MTAwLgYDVQQLEydDZW50ZXIgZm9yIEluZm9ybWF0aW9uIFN5c3Rlb XMgU2VjdXJpdHkxGDAWBgNVBAsTD0NvdW50ZXJtZWFzdXJlczAeFw05MzEyMDkxO DU5MTZaFw05NTEyMDkxODU5MTZaMIGxMQswCQYDVQQGEwJVUzErMCkGA1UEChMiR GVmZW5zZSBJbmZvcm1hdGlvbiBTeXN0ZW1zIEFnZW5jeTEwMC4GA1UECxMnQ2Vud GVyIGZvciBJbmZvcm1hdGlvbiBTeXN0ZW1zIFNlY3VyaXR5MRgwFgYDVQQLEw9Db 3VudGVybWVhc3VyZXMxEzARBgNVBAsTCk9wZXJhdGlvbnMxFDASBgNVBAMTC1Bld GUgSGFtbWVzMIGaMAoGBFUIAQECAgQAA4GLADCBhwKBgQDFFJkcaDOuS+6Ai2vmT bwY6JRbhdzPsl6X60hnXruOw2WvrAhc8BTFB+id75m3M55i+Th6MxWH20QHyQq5u yVghOu/s37OxIrj7irNPjtUdPv8b2m4hNGEW53QH6GmXkxLmgLzOhookpoYPC+uw 2MzibDnleVI50d2m//XsWs7hwIBAzANBgkqhkiG9w0BAQIFAAOBgQDHH6CmBoyWU zPlqVnEWYKIBsifqdTJzkKfnoST7NDRIakUP49FP86Cyy1+2AKpUCWaxjq+wGHCH RCNFCCrOwdC9z8XwJal/c69ml6eLRhOoX77ANndpU9E5+eHxP+6Ute6lc63K7+Lz 5xOULjmgaMmKDkTXveVcQO6R2CTY37vcA== Issuer-Certificate: MIICNTCCAZ4CASIwDQYJKoZIhvcNAQECBQAwRDELMAkGA 1UEBhMCVVMxCzAJBgNVBAgTAk1EMSgwJgYDVQQKEx9UcnVzdGVkIEluZm9ybWF0a W9uIFN5c3RlbXMgUENBMB4XDTk0MDIyNTE0NDkxMloXDTk0MDMwNzE0NDkxMlowg YYxCzAJBgNVBAYTAlVTMSswKQYDVQQKEyJEZWZlbnNlIEluZm9ybWF0aW9uIFN5c 3RlbXMgQWdlbmN5MTAwLgYDVQQLEydDZW50ZXIgZm9yIEluZm9ybWF0aW9uIFN5c 3RlbXMgU2VjdXJpdHkxGDAWBgNVBAsTD0NvdW50ZXJtZWFzdXJlczCBmjAKBgRVC AEBAgIEAAOBiwAwgYcCgYEA19l6BN7iTGYEU61qJETIjBh3iAeHzoL8sZ5KwFRZD S/a1KnYlD1zJHR/KeQCOBWW2HzX43TFLCNGU7UD9i6m8AymLe5IJf/bGh0Rne7Jd Q1GAOLw7/J4hE57IMbGETZpzeU1D9IYxiERRNio/oa422lUlS9JZHLA5jaPNcUrX P8CAQMwDQYJKoZIhvcNAQECBQADgYEApkliqAdudoOxvOFmQkOZbSgtlpn61VcNC R7azDNJa2ulevaebptwSTs2OvMeuR/J0Ez4TC7XrJXLVjI5huRAqc+EWGRpZYRMa CARZyE7gGYjUqS7DIQazfskeWiB8zheyW5tCVn+jnB09AZXtgbM6qRjyqrmSdCpg CtfgazIKqI= Issuer-Certificate: MIIB8jCCAVsCAQEwDQYJKoZIhvcNAQECBQAwRDELMAkGA 1UEBhMCVVMxCzAJBgNVBAgTAk1EMSgwJgYDVQQKEx9UcnVzdGVkIEluZm9ybWF0a W9uIFN5c3RlbXMgUENBMB4XDTkzMDUyODE3MTEyN1oXDTk1MDUyODE3MTEyN1owR DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMSgwJgYDVQQKEx9UcnVzdGVkIEluZ m9ybWF0aW9uIFN5c3RlbXMgUENBMIGaMAoGBFUIAQECAgQAA4GLADCBhwKBgQDbL xaRlS3u54yyRgVDI5dcE9nlasL8fJqOGlyo7xH2FZnr3kUfsFj7OGiYsr6UbvqwK nyfMIRUrXDUa64leGmft3SK27psDUHOynRSCc40d/HrDf810U5tnTamBKUIMqivK 4GoL0tMRA1eX6hALAvLLgK1HbnwZAo6GqQGW8CIJQIBAzANBgkqhkiG9w0BAQIFA AOBgQDBp5aC6oV6IuFi8JCctq57bew604HHNllgjjp7zdXafq6jctRg2g91k/yFW h19bJC/tNrb0WVwuZOs5L/FToPMNIIHzaW/YSROBmyhTDYaKHZGj0P1+iNjMbHt9 dm1QEHGIfKgBwFidItnOa74DfkXdijlPRnr/+E2Ib6PM+hEfQ== MIC-Info: RSA-MD5,RSA,ZXOSMGz01Jrun7LPr7uHwuxpFFum3renb/N68f72L9L V9/sz4RUCyUZX0ApR3rNoi/3azks5p3TC8aYQW5RotmsYkpv8bHKjiO8Ej5hAnK2 5KZhXdMLjMkxA23zoZL/srNqvRG3TF91vsligwTqw6KKw72efznpxE9mr9Bnr+EQ = <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 94-02C Release date: 12 April 1994, 04:00 PM EDT Subject: Update on CONTINUING network monitoring activity. SUMMARY: This bulletin is a follow up to ASSIST 94-02, and has been issued to inform DoD computer users, system administrators, security personnel, and law enforcement of the ongoing monitoring of Milnet(Internet) resources by intruders. WIDEST POSSIBLE DISSEMINATION OF THE BACKGROUND PARAGRAPH BELOW IS RECOMMENDED. Compromised systems with intruder installed network monitoring software have been discovered since ASSIST 94-02 was issued, and there is strong evidence that additional sniffers will be found in the future. Estimates from FIRST members (see below for information on FIRST) are that over 100,000 user accounts have been compromised around the world. Regional networks in the USA that are known to have had backbones sniffed include BARRnet (in Northern California), PSInet and SURAnet (in the mid-Atlantic region), and SESQUINET (in Texas); sniffers have also been detected on several European networks. Recently discovered compromised systems were accessed by intruders using account information previously gathered by sniffers linked to this same event. All FTPs, telnets, and rlogins should be considered suspect unless a one-time password mechanism is in use. ASSIST is coordinating DoD incident response efforts on this matter with other FIRST organizations, and is notifying affected DoD sites as information becomes available. BACKGROUND: This is an update to an ongoing incident. Specific system administration information is contained in the appendices attached at the end of this bulletin. To allow for the maximum visibility of the problem, recommend the following information be extracted and widely posted within the DoD community. --------------- CUT HERE ---------------- INTERNET SECURITY INCIDENT UPDATE On 3 February 1994, the FIRST community discovered significant compromises to user accounts transitting the Internet and Milnet. An unidentified person, or persons, installed a network sniffer on numerous hosts and backbone elements resulting in the explicit collection of over 100,000 valid usernames and passwords. The impact to the unclassfied DoD networks is estimated as substantial. Regardless of the individual security posture of individual attached hosts, compromises may have taken place. The impact to DoD is twofold; First, any computer host allowing FTP, telnet, or rlogin to the system should be considered at risk. ASSIST strongly recommends that systems and security managers follow the guidance below (see "SYSTEM ADMINISTRATORS should")for their hosts. Second, all networked hosts running a Unix derivitive operating system should check for the particular promiscuous device driver that allows the sniffer being used in this current exploitation to be installed, and disable it if found. Users at all levels must be made aware of the current compromises. Hightened user awareness will allow for quicker detection of possible compromise. Items that USERS should be specifically alerted to include: * After hours logins that the users were not resposible for. * Modification of user data files. * "Unexplained" requirement to change passwords * Any activity attributed to users that they are not aware of performing. * "Unexplained" receipt of electronic mail. * Notices from system administration personnel of attempts to intrude into other machines. SYSTEM ADMINISTRATORS should: * Maintain an up to date list of valid users and administrators. Remove all non-essential accounts. * Use audit tools on a regular basis to check for unusual login times, remote connections originating from unfamiliar systems, file accesses incompatible with the job description of the user, and any other suspicious activity. * Unauthorized increase in a user's privilege level. * Limit access to, and frequently change the root password. Passwords should be alphanumeric and include punctuation marks. * Use one time password mechanisms when and where ever possible. * Receive ASSIST bulletins in a timely manner, and implement all security recommendations made by ASSIST. NOTE: Suspicious or unusual activity is often the result of user error, or valid work related requirements, and plausible explanations should be explored before initiating an in-depth investigation of an event. WHENEVER ANY SUSPECT ACTIVITY IS ENCOUNTERED WHICH CAN NOT BE EXPLAINED, CONTACT ASSIST AT (703) 756-7974 DSN 289, OR 800-SKY-PAGE PIN 2133937. --------------- CUT HERE ---------------- The intruders exploit Unix vulnerabilities to gain root access, and install network monitoring ("sniffer") software that records the first 128 characters of each login, telnet, and FTP session seen on the local network segment. The captured data, which is saved to a file and later used to access other systems, includes the name of the destination host, username, and password. The sniffers involved in recent attacks have been installed on Unix systems running SunOS 4.x, but nearly all networked computers have the capability to monitor network traffic. The intruders typically gain initial access to systems using one of the following techniques: * Retrieve the password file via TFTP on improperly configured systems (see ASSIST 92-09, 92-59). * Retrieve the password file from systems running insecure versions of NIS (see ASSIST 93-01, 93-11, 93-26Add). * Gain access to the local file systems via NFS mount points exported without restrictions (see ASSIST 92-37, 92-67). * Use a login name and password captured by a sniffer running on another system (see ASSIST 94-02). * Exploiting Sendmail vulnerabilities (see ASSIST 93-31). After gaining access to a system, the intruders then gain root privilege by exploiting common, well documented vulnerabilities such as Sun Sparc integer division (see ASSIST 92-27), loadmodule (see ASSIST 93-33), rdist (see ASSIST 94-08), /etc/utmp (see ASSIST 94-10), or using a root password captured by the sniffer. Trojan Horse replacements are then installed for at least one of the following system files to hide the intruders presence on the system: * /bin/login * /usr/etc/in.telnetd * /usr/kvm/ps * /usr/ucb/netstat * /usr/etc/ifconfig IMPACT: Security problems that are not corrected according to ASSIST bulletin instructions allow intruders to get root access and install sniffer programs. The Trojan Horses give the intruder continued access to a system and/or hide the intruders' activities. RECOMMENDED SOLUTIONS: 1. The integrity of key system files should be verified using the database of MD5 checksums listed in Appendix B of this bulletin. The checksums can be used to verify the integrity of SunOS system files which have been modified by intruders with root access. To further complicate the matter, intruders are modifying files such that the modified files have the same checksum as the original file. This is possible because the standard "sum" program that comes with most UNIX systems was designed to detect accidental modifications to files, and is not able to prevent deliberate attempts to yield a specific checksum. The MD5 algorithm by RSA Data Security, Inc. is specifically designed to provide checksums that cannot be deliberately spoofed. ASSIST strongly recommends that sites install the MD5 software and use it to validate the integrity of system software files. The MD5 algorithm is in the public domain, and there are several programs available to implement it. The algorithm is documented in RFC 1321, and the source code has been extracted and is available from the ASSIST BBS "MD5" file area, and via anonymous FTP from the assist.ims.disa.mil (IP 137.130.234.30) /pubs/tools/md5 directory. See ASSIST INFORMATION RESOURCES below for ASSIST BBS and FTP information. The md5check program listed in Appendix A of will check the integrity of a number of system files. If the checksum does match, you can be confident that particular file has not been modified. If the checksum DOES NOT MATCH, consider the following as possible reasons: * The file may be legitimate but not included in this database (the database is not complete). To check this possibility, compare the file against the original distribution media. You may want to add the correct checksum to your copy of the database. * You may have made local modifications to the file at your site. To check this possibility, compare the file to a known good version. You may want to add the correct checksum to your copy of the database. * The file may be a Trojan horse installed by an intruder. Replace this file with a known good version, and contact ASSIST for guidance on checking for additional signs of compromise. NOTE: Before replacing the Trojan Horse with a clean version, make a copy of the compromised file and send it to ASSIST for analysis. 2. Check your systems for the promiscuous mode network interface used by the sniffer software to examine network packets. See ASSIST 94-02 for detailed sniffer detection information. 3. Scan file systems for any unusual directories or files. Look for unusual names like ".. " (dot dot space space) or " " (space). A useful technique for locating such files is to examine the file system for files that have recently changed. For example, the command find / -ctime -7 -print will locate all files that have changed in the last 7 days. 4. Verify that all applicable security patches have been installed. These patches will limit the amount of damage that is possible, even if an intruder has captured a password for the system. Appendix C lists all SunOS security patches released as of March 18, 1994. 5. DoD sites are encouraged to obtain and run the Security Profile Inspector (SPI) program for Unix systems. See ASSIST bulletin 93-35 for information about acquiring SPI from ASSIST. 6. Users should have different passwords for each account and each system, especially remote systems. Passwords must be changed frequently on systems accessed over networks. ASSIST is an element of the Defense Information Systems Agency (DISA), Center for Information Systems Security (CISS), that provides service to the entire DoD community. If you are a constituent of the DoD and have any questions about ASSIST or computer security issues, contact ASSIST using one of the methods listed below. If your organization/institution is non-DoD, contact your Forum of Incident Response and Security Teams (FIRST) representative. You can obtain a list of FIRST member organizations and their constituencies by sending email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST INFORMATION RESOURCES: If you would like to be included in the distribution list for these bulletins, send your Milnet (Internet) e- mail address to assist-request@assist.ims.disa.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-756-7993/ 1154 DSN 289, and through anonymous FTP from assist.ims.disa.mil (IP address 137.130.234.30). Note: assist.ims.disa.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. ASSIST contact information: PHONE: 703-756-7974, DSN 289, duty hours are 06:00 to 22:30 EST Monday through Friday. During off duty hours, weekends, and holidays, ASSIST can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN 2133937. Your page will be answered within 30 minutes, however if a quicker response is required, prefix your phone number with "999". ELECTRONIC MAIL: Send to assist@assist.ims.disa.mil. ASSIST BBS: Leave a message for the "sysop". Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key encryption tool, to digitally sign all bulletins that are distributed through e-mail. The section of seemingly random characters between the "BEGIN PRIVACY-ENHANCED MESSAGE" and "BEGIN ASSIST BULLETIN" contains machine-readable digital signature information generated by PEM, not corrupted data. PEM software for UNIX systems is available from Trusted Information Systems (TIS) at no cost, and can be obtained via anonymous FTP from ftp.tis.com (IP 192.94.214.96). The TIS software is just one of several implementations of PEM currently available and additional versions are likely to be offered from other sources in the near future. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for adverstising or product endorsement purposes. - -------------------------------------------------------------------- Appendix A: "md5check" The following program is a "nawk" script that can be run against the list of checksums "md5_sun.v1" in Appendix B: % nawk -f md5check md5_sun.v1 This program along with a man page and the database below, are available by anonymous FTP from info.cert.org in the "pub/tools/md5check" directory. Filename MD5 Checksum -------- ----------------------------- md5check 99108ab5a6007164a910626bbcc5888f md5_sun.v1 780a0f1f3717819c59135716e5f6a1ce - ------- Cut Here ------- # "md5check" version 1 (3/17/94) BEGIN { FS = "[ \t]*:[ \t]*"; } # Print notices from the configuration file /^##/ { print substr ($0, 3); next; } # Only handle MD5 checksums currently /^md5/ { source = sprintf("%-7s %-8s %-6s %s", $2, $3, $5, $4); file = $6; sum = hex_lower($7); if (md5[file] == "") { print "Checking", file; testcmd = "test -r " file; if ( system(testcmd) != 0 ) { print " Could not open", file; print " Could not open", file; md5[file] = "x"; next; } else { md5cmd = "md5 " file md5cmd | getline md5[file]; close (md5cmd); # Strip off any leading text and set to lowercase sub(".*[ \t]", "", md5[file]); md5[file] = hex_lower(md5[file]); } } if (md5[file] == "x" || file in matched) { # Could not open or already matched next; } if (md5[file] == sum) { # We have a match - remember which one matched[file] = source; num_match++; if (file in not_matched) { num_no_match--; delete not_matched[file]; } } else { if (! (file in not_matched)) { num_no_match++; not_matched[file] = 1; } } } END { printf "\n%d files DID NOT MATCH a known checksum\n", num_no_match; printf "%d files did match a known checksum\n", num_match; print "\nThe following files DID NOT MATCH a known checksum"; for (filename in not_matched) { printf "\t%s\n", filename; } print "\nThe following files did match a known checksum"; for (filename in matched) { printf "\t%s\n\t\t%s\n", filename, matched[filename]; } } function hex_lower(s) { gsub("A","a",s); gsub("B","b",s); gsub("C","c",s); gsub("D","d",s); gsub("E","e",s); gsub("F","f",s); return s } - ------- Cut Here ------- Appendix B: "md5_sun.v1" ## Checksum Table for Selected SunOS Binary Files (v1: 3/17/94) ## ## PLEASE NOTE: The entries included in this table do not represent complete ## coverage of all released versions of these files. ## In particular, checksum data for outdated patch releases is ## limited. ## ## Failure to match a checksum for a given file does not ## necessarily indicate the presence of a Trojan binary. ## Failure indicates that the file's checksum did not match any ## contained in this table. The file's authenticity should be ## verified against distribution media or local modifications. ## ## Success at matching a file's checksum indicates that the ## corresponding file is free from tampering. ## # (MD5 is the RSA Data Security, Inc. Message Digest Algorithm) # # format of data # # XSUMTYPE:OSNAME:OSVERSION:SOURCE:ARCH:FILE:XSUM #/bin/login md5:SunOS:4.1:100201-06:sun3:/bin/login:00d95a04ecce2193b9c6e16516d 37855 md5:SunOS:4.1:100201-06:sun4:/bin/login:e746fed42be0433a53cce082acf ee23c md5:SunOS:4.1:100630-01:sun3:/bin/login:11d5ed4445face25642100ec0ab 1ed3c md5:SunOS:4.1:100630-01:sun4:/bin/login:b6d013403c54949c0e476afd966 ef261 md5:SunOS:4.1.1:Original Dist:sun3:/bin/login:073d378264f25245c154be8a12f208e9 md5:SunOS:4.1.1:Original Dist:sun4:/bin/login:92611eb1ef1f221c1e9c76db8da44a99 md5:SunOS:4.1.1:100201-06:sun3:/bin/login:00d95a04ecce2193b9c6e1651 6d37855 md5:SunOS:4.1.1:100201-06:sun4:/bin/login:e746fed42be0433a53cce082a cfee23c md5:SunOS:4.1.1:100630-01:sun3:/bin/login:11d5ed4445face25642100ec0 ab1ed3c md5:SunOS:4.1.1:100630-01:sun4:/bin/login:b6d013403c54949c0e476afd9 66ef261 md5:SunOS:4.1.1:100632-06:sun4:/bin/login:12c4b39cb94b8dcdad0a10e1c 59345c6 md5:SunOS:4.1.1:100633-01:sun4:/bin/login:9634cda7a353d0043a22ad2b0 eebaab2 md5:SunOS:4.1.2:Original Dist:sun4:/bin/login:637503c0e2b46791820609d87629db91 md5:SunOS:4.1.2:100630-01:sun4:/bin/login:b6d013403c54949c0e476afd9 66ef261 md5:SunOS:4.1.2:100631-01:sun3:/bin/login:65d1e270fbb13984f5e0036b9 e4a1011 md5:SunOS:4.1.2:100631-01:sun4:/bin/login:976a0431dbd23ec1535c1679e 215095b md5:SunOS:4.1.2:100632-06:sun4:/bin/login:12c4b39cb94b8dcdad0a10e1c 59345c6 md5:SunOS:4.1.2:100633-01:sun4:/bin/login:9634cda7a353d0043a22ad2b0 eebaab2 md5:SunOS:4.1.3:100630-02:sun3:/bin/login:11d5ed4445face25642100ec0 ab1ed3c md5:SunOS:4.1.3:100630-02:sun4:/bin/login:b6d013403c54949c0e476afd9 66ef261 md5:SunOS:4.1.3:100632-06:sun4:/bin/login:12c4b39cb94b8dcdad0a10e1c 59345c6 md5:SunOS:4.1.3:Original Dist:sun4:/bin/login:e88e84d228d05e8f54a0d57d62d0710d md5:SunOS:4.1.3c:Original Dist:sun4:/bin/login:e88e84d228d05e8f54a0d57d62d0710d md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/login:4e437a85e05f886ff5082ac58108d882 #/usr/kvm/ps md5:SunOS:4.1.1:Original Dist:sun3x:/usr/kvm/ps:ac96820499c2da78d65700e230f66df2 md5:SunOS:4.1.1:Original Dist:sun3:/usr/kvm/ps:b4633eed82815a233d2ca8d8df8d655e md5:SunOS:4.1.1:Original Dist:sun4:/usr/kvm/ps:390ef406ba27b1d591ba6f281986369b md5:SunOS:4.1.1:Original Dist:sun4c:/usr/kvm/ps:cb58a8259ff580389b115b7861793b48 md5:SunOS:4.1.2:Original Dist:sun4:/usr/kvm/ps:efca4ca10a088e557c6c69695dadcfa6 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/kvm/ps:9d489c87d709a540aced718a04e38e11 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/kvm/ps:e9e364f3936a5b16d7e2fb812d11e475 md5:SunOS:4.1.2:100981-02:sun4:/usr/kvm/ps:86b8b5eb7212c94c9c570cd2 0c9af2ae md5:SunOS:4.1.2:100981-02:sun4c:/usr/kvm/ps:4871287498c0ab7b17d9784 8ebe34d15 md5:SunOS:4.1.2:100981-02:sun4m:/usr/kvm/ps:97cc063bafa6aaf032cb1b6 7b444c5a8 md5:SunOS:4.1.3:Original Dist:sun4:/usr/kvm/ps:226ab466429f5d4de4f6a108bae1c518 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/kvm/ps:83b369e5d8c34db4d5d6725140d0b216 md5:SunOS:4.1.3:100981-02:sun4:/usr/kvm/ps:a4809a70e66b415bae8a165d c4ffb185 md5:SunOS:4.1.3:100981-02:sun4c:/usr/kvm/ps:cf10e206de67755e801e4c9 d96c239a9 md5:SunOS:4.1.3:100981-02:sun4m:/usr/kvm/ps:d6237550748855bee17ce96 465cd1331 md5:SunOS:4.1.3_u1:Original Dist:sun4m:/usr/kvm/ps:92c3b1495ab80446ddb6979c890cee58 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/kvm/ps:b14b75017dfe75ea1b89d147c6b49cb7 md5:SunOS:4.1.3_u1:Original Dist:sun4c:/usr/kvm/ps:e24eab973f1b1cfd6bf5b54310a2207f md5:SunOS:4.1.3_u1:101442-01:sun4:/usr/kvm/ps:174731efb18020dacde9f 205ad04a4bf #/usr/etc/in.telnetd md5:SunOS:4.0.3:100125-05:sun3:/usr/etc/in.telnetd:dce91901f9fd15f7 f6f6c94fb7824428 md5:SunOS:4.0.3:100125-05:sun4:/usr/etc/in.telnetd:2e67031ad7984c22 cfacc8a0b4c3d6ee md5:SunOS:4.0.3c:100125-05:sun4c:/usr/etc/in.telnetd:943574a9befb9f ac3fce2fc111f68d51 md5:SunOS:4.1:100125-05:sun3:/usr/etc/in.telnetd:2544753907d24a699c 9cdfddcab0d2e3 md5:SunOS:4.1:100125-05:sun3x:/usr/etc/in.telnetd:3af506b9b02b6a299 f5e081c3abfce1f md5:SunOS:4.1:100125-05:sun4:/usr/etc/in.telnetd:5448303462518cca83 90a84b5f312abe md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.telnetd:333ffc49f21e675f3099772661549b7d md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.telnetd:7706ba7270a28f3470ccbe965f8fc7a1 md5:SunOS:4.1.1:100125-05:sun3:/usr/etc/in.telnetd:c4dca8a653f60fea ed63a25786aee2ed md5:SunOS:4.1.1:100125-05:sun3x:/usr/etc/in.telnetd:6c409bd315711aa e29b8285ffc4bb90c md5:SunOS:4.1.1:100125-05:sun4:/usr/etc/in.telnetd:29f24e09ffebc36f b14f9fee4bf2d6fc md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.telnetd:333ffc49f21e675f3099772661549b7d md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.telnetd:913095f91bbf06e98635f964951e0e2d md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.telnetd:b94ac90e4fe63f1c7a0199a27a7c4d80 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.telnetd:b94ac90e4fe63f1c7a0199a27a7c4d80 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.telnetd:831c59628b1197c612f19289a786eaeb #/usr/etc/ifconfig md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/ifconfig:0da82be29c7173759316f51417fb420a md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/ifconfig:47d6e495207cc2b7037bd94a12cf565b md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/ifconfig:de44e217c94fa4f4c6fdfbcae419cb8b md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/ifconfig:de44e217c94fa4f4c6fdfbcae419cb8b md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/ifconfig:22d9340368aec82ebdd63518613bc6ab #/usr/lib/libc.a md5:SunOS:4.1.1:100267-09:sun3:/usr/5lib/libc.a:af8a721ca332754cdff 2a1f1b74b8e8f md5:SunOS:4.1.1:100267-09:sun3:/usr/5lib/libc_p.a:1b930986afb11494b 4e1e0fd4f9540b0 md5:SunOS:4.1.1:100267-09:sun3:/usr/lib/libc.a:6b0ff2e11f3042d453ee 502787ac29d7 md5:SunOS:4.1.1:100267-09:sun3:/usr/lib/libc_p.a:ad9bd3c42db06fb0c4 5674eaafc5c4f8 md5:SunOS:4.1.1:100267-09:sun4:/usr/5lib/libc.a:8c396b0695abb59fea6 6bc6615d9f101 md5:SunOS:4.1.1:100267-09:sun4:/usr/5lib/libc_p.a:d98a993e3f6c308f3 679690dd4f5e8d7 md5:SunOS:4.1.1:100267-09:sun4:/usr/lib/libc.a:da7c2504a1cb5073d7e9 bb7de580db32 md5:SunOS:4.1.1:100267-09:sun4:/usr/lib/libc_p.a:9879d72df71d9956f6 2f058ddf70d0f8 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/5lib/libc.a:4daced1b11335f613bf7a5792bfeff77 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/5lib/libc_p.a:bd2037193776678e48324f523064b95b md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/lib/libc.a:ae4bcb481e7267c1def082ed6acf4bd9 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/lib/libc_p.a:696c03eb30c696b712f38907d3c2ee45 md5:SunOS:4.1.1:Original Dist:sun4:/usr/5lib/libc.a:68686e4ed99b5dcf98ac4e3350ff6645 md5:SunOS:4.1.1:Original Dist:sun4:/usr/lib/libc.a:cbba2b6e294f0087a0b9116290946d46 md5:SunOS:4.1.1:Original Dist:sun3:/usr/5lib/libc.a:89b9040707c28810554dfaca6993e7d0 md5:SunOS:4.1.1:Original Dist:sun3:/usr/lib/libc.a:15d385b850be70a30077e66b67dc5f09 md5:SunOS:4.1.2:Original Dist:sun4:/usr/5lib/libc.a:e7ab3d2658611114833f25a4279db158 md5:SunOS:4.1.2:Original Dist:sun4:/usr/lib/libc.a:f95fabcdbaaf34ac3da6174e635724e3 md5:SunOS:4.1.3:Original Dist:sun4:/usr/5lib/libc.a:c6669804e4def2e1e49ad5628c52ee75 md5:SunOS:4.1.3:Original Dist:sun4:/usr/lib/libc.a:ab06bfd723df7802d25291576736ce23 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/5lib/libc.a:5ef2ccf958dc6734c3e412127884c559 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/lib/libc.a:6f5d5c343b262c03a3f976d2830f4d06 md5:SunOS:4.1.1:Original Dist:sun4:/usr/5lib/libc_p.a:21766ed7fdb431bb0435e48ea0764d42 md5:SunOS:4.1.1:Original Dist:sun4:/usr/lib/libc_p.a:709d9a093b637e64234a03f1c48583e7 md5:SunOS:4.1.1:Original Dist:sun3:/usr/5lib/libc_p.a:3e3fcdfeb1636c708f1a2fec14c13b9f md5:SunOS:4.1.1:Original Dist:sun3:/usr/lib/libc_p.a:18f6043209f019ec58e50ab4f4771d40 md5:SunOS:4.1.2:Original Dist:sun4:/usr/5lib/libc_p.a:c0b13f61038a198e6be3c09e137dee0e md5:SunOS:4.1.2:Original Dist:sun4:/usr/lib/libc_p.a:a40b2af6cde4734289f06d8325c8cf2e md5:SunOS:4.1.3:Original Dist:sun4:/usr/5lib/libc_p.a:bb06ddd972dd5549a3d6cc38a9537893 md5:SunOS:4.1.3:Original Dist:sun4:/usr/lib/libc_p.a:72c8bee2000b2562225077784ea61bac md5:SunOS:4.1.3c:Original Dist:sun4:/usr/5lib/libc_p.a:8ccee0cc285a298c713b8bace38da815 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/lib/libc_p.a:157a7dc7a8fc77f1a5a06a85d3bab16c #/usr/kvm/pstat md5:SunOS:4.1.1:Original Dist:sun3x:/usr/kvm/pstat:a131828d02092ab56e98ac8d63b1125d md5:SunOS:4.1.1:Original Dist:sun4:/usr/kvm/pstat:6de82bb539b54c2bd0be79dfc7712507 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/kvm/pstat:5e6058397f8e86df7456e36ad54f9b1e md5:SunOS:4.1.2:Original Dist:sun4c:/usr/kvm/pstat:a1cfc4f23be423aede09e23bcbf6268a md5:SunOS:4.1.2:Original Dist:sun4m:/usr/kvm/pstat:c2abc2313450cfd72ccd93448fef967b md5:SunOS:4.1.3:Original Dist:sun4:/usr/kvm/pstat:0076043c06cd24ae927128f02da9b935 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/kvm/pstat:225d4542b70f15af39c96a4d3b48a631 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/kvm/pstat:e3a519a93a8b6a02fd6c64a6b3db476d md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/kvm/pstat:2a1cbf06988208179adf132349c3a403 md5:SunOS:4.1.3_u1:Original Dist:sun4m:/usr/kvm/pstat:2f3af3afbfa5942575bbcb02b13ebac1 md5:SunOS:4.1.3_u1:Original Dist:sun4c:/usr/kvm/pstat:d15776947e0d60fc7d5ae755f65e779b #/usr/etc/in.ftpd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.ftpd:7ff869b0d0eeec61b08a81a085759681 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.ftpd:7a17e92251d08c56d001a1f5654fcb35 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.ftpd:8b1bfb5ba15d2898fffa373b1005e7ff md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.ftpd:79a29ae3f1deb02efb743d9cd39f6f2f md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.ftpd:79a29ae3f1deb02efb743d9cd39f6f2f md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.ftpd:3e8f757252dd562ad80ae79e78d06fb7 #/usr/etc/in.rexecd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.rexecd:4d9811877f622348dd454172fbb40a66 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.rexecd:6d9f39193ac39bc9680a4fb44fdfb50f md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.rexecd:37316f4d63faa445ea448ec7c670f94f md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.rexecd:37316f4d63faa445ea448ec7c670f94f md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.rexecd:be66f45bb60f31aaa23377f23c66caca #/usr/etc/in.rshd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.rshd:17f91e72bbf70d5cf3e75a3068d5c461 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.rshd:a4eb9385df064b9a751ede87fd0804a2 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.rshd:e45ab7d2dc4c3e7346292f85259c0432 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.rshd:686c2bb25752e6bec5090e2732a46207 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.rshd:686c2bb25752e6bec5090e2732a46207 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.rshd:e5ca89c51427d917690fbcc1395507b4 #/usr/etc/in.tftpd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.tftpd:ccec1773e5945a0b8397a74ec07112df md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.tftpd:e6b495aec9b8a24f5e58ebc19fd1eec7 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.tftpd:4b924bda12c61674771c84caa0fa1e80 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.tftpd:bfaf4492223126181ca9333220cbcf02 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.tftpd:bfaf4492223126181ca9333220cbcf02 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.tftpd:0ff3883f2b99f06d4f897347c58a79d9 #/usr/etc/inetd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/inetd:0764c23ac95b4ea5a8683c8761337485 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/inetd:e6054cbb343d21791c6457e78822d5f1 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/inetd:c3a923cbf5023b48ffdef3d043190a81 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/inetd:c3a923cbf5023b48ffdef3d043190a81 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/inetd:722d3e46a2f8e52ffadd7450fbbd1438 #/usr/bin/newgrp md5:SunOS:4.1.1:Original Dist:sun3:/usr/bin/newgrp:e3d6e9d43345372f5aa0d5c96570b155 md5:SunOS:4.1.1:Original Dist:sun4:/usr/bin/newgrp:d3749b2a6e99f14feede9430d1feee46 md5:SunOS:4.1.2:Original Dist:sun4:/usr/bin/newgrp:875e7cf58cec91c6fb44ec6e5d89ef0f md5:SunOS:4.1.3:Original Dist:sun4:/usr/bin/newgrp:7c0aad251ccb8de9c050d53c823f334f md5:SunOS:4.1.3c:Original Dist:sun4:/usr/bin/newgrp:7c0aad251ccb8de9c050d53c823f334f md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/newgrp:04edbbb4d06bf056c4959d3b85560fe6 #/usr/bin/passwd md5:SunOS:4.1.1:Original Dist:sun3:/usr/bin/passwd:11499df2dfc4f75c5466e09b64fe1097 md5:SunOS:4.1.1:Original Dist:sun4:/usr/bin/passwd:d4e3ee198d6e3934bc2356ce495e77c7 md5:SunOS:4.1.2:Original Dist:sun4:/usr/bin/passwd:2dcec1f0e106354a85058f4c2c66e2bd md5:SunOS:4.1.3:Original Dist:sun4:/usr/bin/passwd:6fdb875b621de4dbffab6f6782ec2ba3 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/bin/passwd:6fdb875b621de4dbffab6f6782ec2ba3 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/passwd:97f3231b48d6e29b829357b72043aadc #/usr/bin/su md5:SunOS:4.1.1:Original Dist:sun3:/usr/bin/su:829e4e39edc3a8d299f5525c866dc324 md5:SunOS:4.1.1:Original Dist:sun4:/usr/bin/su:94b0bc99dcb9dcdbc3e8ece7e127a906 md5:SunOS:4.1.2:Original Dist:sun4:/usr/bin/su:23fe0a40ec522c5add89cd6ab2731170 md5:SunOS:4.1.3:Original Dist:sun4:/usr/bin/su:0d2f5665c9befdf2f7aeafa4d77266bb md5:SunOS:4.1.3c:Original Dist:sun4:/usr/bin/su:0d2f5665c9befdf2f7aeafa4d77266bb md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/su:c49812d55df4712194f832f099d40aa7 #Shared Libraries md5:SunOS:4.1.1:Original Dist:sun4:/usr/5lib/libc.so.2.6:1d66abbac68785d6f8fa8ff53200845e md5:SunOS:4.1.1:Original Dist:sun4:/usr/lib/libc.so.1.6:d4dc2514248834d95ee6b5c77a7eda86 md5:SunOS:4.1.1:Original Dist:sun3:/usr/5lib/libc.so.1.15:26c5c2e8b147f3f6d96bdff369853cad md5:SunOS:4.1.1:Original Dist:sun3:/usr/lib/libc.so.0.15:2262f263e711bff2bd4d9d6f87ea5edd md5:SunOS:4.1.2:Original Dist:sun4:/usr/5lib/libc.so.2.7:b1e624d4293907511e4ee9e8e77e74dd md5:SunOS:4.1.2:Original Dist:sun4:/usr/lib/libc.so.1.7:76c095597088ee5bc82a2c1ce0a419ce md5:SunOS:4.1.3:Original Dist:sun4:/usr/5lib/libc.so.2.8:d3c8366dca51488864cc8d80c106f190 md5:SunOS:4.1.3:Original Dist:sun4:/usr/lib/libc.so.1.8:aabfb3300f2d872cdc6d9fb10514e246 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/5lib/libc.so.2.8:af3584319d80525c2ca8e8ea8920d131 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/lib/libc.so.1.8:91a8dde1c328e474ec08557c211a4dcb md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/5lib/libc.so.2.9:722852b7e5df15de70e3c1a1f96c04d9 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/lib/libc.so.1.9:2d5bc65422472f7d4119712ccf795bf3 - -------------------------------------------------------------------- Appendix C: "SunOS security patches" Solaris and SunOS Security Patch Information For information about rdist see ASSIST 94-08. For information about integer division under SunOS see ASSIST 92-27. Security related patches have been grouped by SunOS version and are detailed below. ASSIST recommends the installation of any applicable patches that either are not currently present on a system or are present in the form of an older version of the patch. SunOS security patches are available through both your Sun Answer Center and anonymous FTP. In the U.S., ftp to ftp.uu.net (IP address 192.48.96.9) and retrieve the patches from the directory /systems/sun/sun-dist. In Europe, ftp to ftp.eu.net (IP address 192.16.202.2) and retrieve the patches from the /sun/fixes directory. The patches are contained in compressed tarfiles with filenames based on the ID number of the patch (e.g. patch 100085-03 is contained in the file 100085-03.tar.Z), and must be retrieved using FTP's binary transfer mode. After obtaining the patches, compute the checksum of each compressed tarfile and compare with the values indicated below. For example, the command "/usr/bin/sum 100085-03.tar.Z" should return "44177 740". Please note that Sun Microsystems occasionally updates patch files, resulting in a changed checksum. If you should find a checksum that differs from those listed below, please contact Sun Microsystems or ASSIST for verification before using the patch. The patches may be extracted from the compressed tarfiles using the commands uncompress and tar. For example, to extract patch 100085-03 from the compressed tarfile 100085-03.tar.Z, execute the commands "uncompress 100085-03.tar.Z" and "tar -xvf 100085-03.tar". For specific instructions regarding the installation of a particular patch, consult the README file accompanying each patch. As multiple patches may affect the same files, it is recommended that patches be installed chronologically by revision date, with the exception of patches for which an explicit order is specified. ======================= SunOS 5.3 (Solaris 2.3) ======================= Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 101371-03 23-Dec-93 51272 377 sendmail vulnerabilities ======================= SunOS 5.2 (Solaris 2.2) ======================= Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 101090-01 28-Jun-93 44985 54 expreserve can overwrite any file 101301-01 21-Oct-93 4703 779 tar archives may contain extraneous info 101077-06 23-Dec-93 28185 358 sendmail vulnerabilities ======================= SunOS 5.1 (Solaris 2.1) ======================= Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 100833-02 12-Jan-93 24412 309 C2 auditing missing in some programs 100840-01 12-Jan-93 25050 220 sendmail bypasses mailhost 100884-01 12-Feb-93 63299 5220 Security fixes for sun4m machines 101089-01 28-Jun-93 4501 54 expreserve can overwrite any file 100975-02 21-Oct-93 13460 747 tar archives may contain extraneous info 100840-06 23-Dec-93 61100 390 sendmail vulnerabilities ======================= SunOS 5.0 (Solaris 2.0) is no longer supported (upgrade is essential for ======================= security) =========== SunOS 4.1.3 =========== Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 100478-01 14-Feb-92 64588 58 OpenWindows 3.0 xlock vulnerability 100296-04 18-Jun-92 15271 40 File systems exported incorrectly 100507-04 3-Sep-92 57590 61 tmpfs file system vulnerability 100372-02 8-Sep-92 22739 712 tfs fails under C2 100103-11 29-Sep-92 19847 6 Permissions incorrect on many files 100567-04 27-Oct-92 15728 11 ICMP packets can be forged 100564-05 11-Nov-92 00115 824 C2 jumbo patch 100482-04 16-Nov-92 06594 342 ypserv will send NIS maps to anyone 100513-02 2-Dec-92 34315 483 Console can be redirected 100623-03 11-Dec-92 56063 141 NFS file handles can be guessed 100173-10 7-Jan-93 48086 788 NFS jumbo patch 100383-06 26-Jan-93 58984 121 rdist can create setuid root files 100452-28 29-Jan-93 07299 1688 cmdtool may reveal passwords 100305-11 12-Feb-93 38582 500 The lp daemon can delete system files 100891-01 19-Feb-93 33195 3075 Netgroup and xlock vulnerabilities 100224-06 5-Mar-93 57647 54 mail and rmail can invoke root shells 101080-01 9-Jun-93 45221 13 expreserve can overwrite any file 100448-02 15-Dec-93 19410 5 OpenWindows 3.0 loadmodule hole 101200-02 15-Dec-93 41677 28 Security hole in modload 100377-08 23-Dec-93 05320 755 sendmail vulnerabilities 100593-03 17-Mar-94 52095 242 dump vulnerabilities 100272-07 17-Mar-94 26553 39 in.comsat vulnerabilities 101480-01 17-Mar-94 47917 44 in.talkd vulnerabilities 101481-01 17-Mar-94 46562 80 shutdown vulnerabilities 100909-02 17-Mar-94 61539 108 syslogd vulnerabilities 101482-01 17-Mar-94 61148 41 write vulnerabilities =========== SunOS 4.1.2 =========== Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 100184-02 14-Dec-90 06627 33 OpenWindows 2.0 vulnerability 100478-01 14-Feb-92 64588 58 OpenWindows 3.0 xlock vulnerability 100630-01 18-May-92 28074 39 Environment variables vulnerability 100633-01 22-May-92 33264 20 Environment variables with Sun's ARM 100296-04 18-Jun-92 15271 40 File systems exported incorrectly 100376-04 16-Jul-92 12884 100 Integer division vulnerability 100507-04 3-Sep-92 57590 61 tmpfs file system vulnerability 100372-02 8-Sep-92 22739 712 tfs fails under C2 100103-11 29-Sep-92 19847 6 Permissions incorrect on many files 100567-04 27-Oct-92 15728 11 ICMP packets can be forged 100564-05 11-Nov-92 00115 824 C2 jumbo patch 100482-04 16-Nov-92 06594 342 ypserv will send NIS maps to anyone 100513-02 2-Dec-92 34315 483 Console can be redirected 100623-03 11-Dec-92 56063 141 NFS file handles can be guessed 100173-10 7-Jan-93 48086 788 NFS jumbo patch 100383-06 26-Jan-93 58984 121 rdist can create setuid root files 100452-28 29-Jan-93 07299 1688 cmdtool may reveal passwords 100305-11 12-Feb-93 38582 500 The lp daemon can delete system files 100224-06 5-Mar-93 57647 54 mail and rmail can invoke root shells 101080-01 9-Jun-93 45221 13 expreserve can overwrite any file 100448-02 15-Dec-93 19410 5 OpenWindows 3.0 loadmodule hole 101200-02 15-Dec-93 41677 28 Security hole in modload 100377-08 23-Dec-93 05320 755 sendmail vulnerabilities 100593-03 17-Mar-94 52095 242 dump vulnerabilities 100272-07 17-Mar-94 26553 39 in.comsat vulnerabilities 101480-01 17-Mar-94 47917 44 in.talkd vulnerabilities 101481-01 17-Mar-94 46562 80 shutdown vulnerabilities 100909-02 17-Mar-94 61539 108 syslogd vulnerabilities 101482-01 17-Mar-94 61148 41 write vulnerabilities =========== SunOS 4.1.1 =========== Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 100085-03 5-Sep-90 44177 740 Sunview selection_svc vulnerability 100184-02 14-Dec-90 06627 33 OpenWindows 2.0 vulnerability 100125-05 8-Jul-91 41964 164 telnet permits password capture 100424-01 12-Nov-91 63070 50 NFS file handles can be guessed 100448-01 10-Dec-91 29285 5 OpenWindows 3.0 loadmodule hole 100478-01 14-Feb-92 64588 58 OpenWindows 3.0 xlock vulnerability 100630-01 18-May-92 28074 39 Environment variables vulnerability 100633-01 22-May-92 33264 20 Environment variables with Sun's ARM 100296-04 18-Jun-92 42492 40 File systems exported incorrectly 100376-04 16-Jul-92 12884 100 Integer division vulnerability 100507-04 3-Sep-92 57590 61 tmpfs file system vulnerability 100372-02 8-Sep-92 22739 712 tfs fails under C2 100103-11 29-Sep-92 19847 6 Permissions incorrect on many files 100567-04 27-Oct-92 15728 11 ICMP packets can be forged 100201-06 5-Nov-92 13145 164 C2 jumbo patch 100267-09 6-Nov-92 55338 5891 Netgroup membership check fails 100482-04 16-Nov-92 06594 342 ypserv will send NIS maps to anyone 100513-02 2-Dec-92 34315 483 Console can be redirected 100173-10 7-Jan-93 48086 788 NFS jumbo patch 100383-06 26-Jan-93 58984 121 rdist can create setuid root files 100452-28 29-Jan-93 07299 1688 cmdtool may reveal passwords 100305-11 12-Feb-93 38582 500 The lp daemon can delete system files 100224-06 5-Mar-93 57647 54 mail and rmail can invoke root shells 101080-01 9-Jun-93 45221 13 expreserve can overwrite any file 100448-02 15-Dec-93 19410 5 OpenWindows 3.0 loadmodule hole 101200-02 15-Dec-93 41677 28 Security hole in modload 100377-08 23-Dec-93 05320 755 sendmail vulnerabilities 100593-03 17-Mar-94 52095 242 dump vulnerabilities 100272-07 17-Mar-94 26553 39 in.comsat vulnerabilities 101480-01 17-Mar-94 47917 44 in.talkd vulnerabilities 101481-01 17-Mar-94 46562 80 shutdown vulnerabilities 100909-02 17-Mar-94 61539 108 syslogd vulnerabilities 101482-01 17-Mar-94 61148 41 write vulnerabilities ========= SunOS 4.1 ========= Patch ID Last Revised Checksum Description - -------- ------------ --------- - ------------------------------------- 100101-02 7-Aug-90 42872 34 ptrace security vulnerability 100085-03 5-Sep-90 44177 740 Sunview selection_svc vulnerability 100184-02 14-Dec-90 06627 33 OpenWindows 2.0 vulnerability 100125-05 8-Jul-91 41964 164 telnet permits password capture 100630-01 18-May-92 28074 39 Environment variables vulnerability 100376-04 16-Jul-92 12884 100 Integer division vulnerability 100103-11 29-Sep-92 19847 6 Permissions incorrect on many files 100567-04 27-Oct-92 15728 11 ICMP packets can be forged 100201-06 5-Nov-92 13145 164 C2 jumbo patch 100482-04 16-Nov-92 06594 342 ypserv will send NIS maps to anyone 100513-02 2-Dec-92 34315 483 Console can be redirected 100383-06 26-Jan-93 58984 121 rdist can create setuid root files 100452-28 29-Jan-93 07299 1688 cmdtool may reveal passwords 100305-11 12-Feb-93 38582 500 The lp daemon can delete system files 100121-09 24-Feb-93 57589 360 NFS jumbo patch 101080-01 9-Jun-93 45221 13 expreserve can overwrite any file 100448-02 15-Dec-93 19410 5 OpenWindows 3.0 loadmodule hole 101200-02 15-Dec-93 41677 28 Security hole in modload 100377-08 23-Dec-93 05320 755 sendmail vulnerabilities 100593-03 17-Mar-94 52095 242 dump vulnerabilities 100272-07 17-Mar-94 26553 39 in.comsat vulnerabilities 101480-01 17-Mar-94 47917 44 in.talkd vulnerabilities 101481-01 17-Mar-94 46562 80 shutdown vulnerabilities 100909-02 17-Mar-94 61539 108 syslogd vulnerabilities 101482-01 17-Mar-94 61148 41 write vulnerabilities ====================== SunOS 4.0.3c, 4.0.3, 4,0.2i, 4.0.2, and 4.0.1 are no longer supported ====================== (upgrade is essential for security) - ---------------------------------------------------------- -----END PRIVACY-ENHANCED MESSAGE-----