SUN MICROSYSTEMS SECURITY BULLETIN: #00115, 17 April 92

This information is only to be used for the purpose of alerting customers
to problems. Any other use or re-broadcast of this information without the
express written consent of Sun Microsystems shall be prohibited. Sun
expressly disclaims all liability for any misuse of this information by any
third party.
---------------------------------------------------------------------------
Please note that the following contains updated information:

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the /systems/sun/sun-dist directory; in Europe,
ftp to mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.

Note that Sun does not have direct access to mcsun.eu.net and must request
that patches be copied from ftp.uu.net to mcsun.eu.net. Therefore, there
may be a time lag before patches appear on mcsun.eu.net.

Please refer to the BugId and PatchId when requesting patches from Sun
answer centers.
----------------------------------------------------------------------------
BULLETIN TOPICS

I.  New Patches
    A. 100387-02 (100388-02), 4.1.1 BSM-C2 INTERNATIONAL (US_ENCRYPTION_KIT)
       version patch release
    B. 100478-01, OpenWindows V3: xlock crashes leaving system open
    C. 100564-01, 4.1.2 C2 Jumbo, rpc.yppasswdd rpc.pwdauthd

II. Upgraded Patches - The patches below have been updated to reflect
    applicability to SunOS 4.1.2
    A. 100188-02, TIOCCONS patch, combines fix for 100414-01
    B. 100296-02, rpc.mountd
    C. 100305-07, lpd/lpr, combines fixes for patch 100301-01
    D. 100383-04, rdist
    E. 100448-01, OpenWindows 3.0, loadmodule

==============================================================================
NEW PATCH INFORMATION

Sun Patch ID:   100387-02
Sun Bug IDs:    Not available
SunOS release:  4.1.1
Synopsis:       This 8.5 MByte patch provides many bug fixes and enhancements
                to the C2 and Basic Security Module. It obsoletes the 4.1.1
                C2 Jumbo patch, 100201-04.

Checksum of compressed tarfile 100387-02.tar.Z on ftp.uu.net = 07868 4400

Please note that the US_ENCRYPTION_KIT version BSM-C2 patch release
(100388-02) cannot be loaded onto anonymous ftp sites because of export
restrictions. Please contact your Answer Center for availability.

BSM-C2 patches compatible with SunOS 4.1.2 are currently being developed and
will be made available for distribution later this summer.

Sun Patch ID:   100478-01
Sun Bug IDs:    1077337
SunOS release:  4.1.1, 4.1.2
Synopsis:       xlock does not process keypresses quickly enough, posing a
                potential security problem.

Checksum of compressed tarfile 100478-01.tar.Z on ftp.uu.net = 64588 58

Sun Patch ID:   100564-01
Sun Bug IDs:    1040334 1043667 1058378 1059261 1063796
SunOS release:  4.1.2
Synopsis:       This is a port of the C2 Jumbo patch (100201-04) to SunOS
                4.1.2. It is required if you wish to run C2 security on
                SunOS 4.1.2 machines. Problems fixed are:

                1. yppasswd will not allow a user to change a password from
                   the client; the yppasswdd daemon dies on the server
                   (bug 1040334)
                2. rpc.yppasswdd uses an incorrect lock file (bug 1043667)
                3. rpc.pwdauthd logs cleartext passwords via auditd
                   (bug 1058378)
                4. NIS and C2 Security passwd.adjunct file can get
                   overwritten by /etc/passwd (bug 1059261)
                5. When running C2 with NIS, yppasswd password changes from
                   a client system would take 5 minutes of delay before
                   taking effect (bug 1063796)

Checksum of compressed tarfile 100564-01.tar.Z on ftp.uu.net = 29774 415

==============================================================================
UPGRADED PATCH INFORMATION

Sun Patch ID:   100188-02
Sun Bug IDs:    1008324 1040722 1070495
SunOS release:  4.1.1, 4.1.2
Synopsis:       This patch combines 3 fixes:

                1. TIOCCONS can be used to re-direct console output/input
                   away from "console" (bug 1008324)
                2. Kernel programs using pty can get output from a previous
                   application (formerly patch 100414-01, bug 1070495)
                3. Process not letting go of a pty (bug 1040722)

Checksum of compressed tarfile 100188-02.tar.Z on ftp.uu.net = 52332 132

Please note that patch 100414-01 has been obsoleted by this patch.

Sun Patch ID:   100296-02
Sun Bug IDs:    2000680 1044852 1048890
SunOS release:  4.1.1, 4.1.2
Synopsis:       The README file for this patch has been modified to reflect
                the patch's applicability to SunOS 4.1.2.

                Fixes: If the cached list of netgroups that a client is not
                a member of exceeds the cache capacity, then the mount daemon
                will acknowledge the client's membership of any netgroup even
                if it is not a member. If the access list of hosts is a
                string under 256 chars then things work as expected, but if
                it is longer everyone can mount the filesystem. Additionally,
                this patch also fixes a problem where the cached netgroup
                entry may contain groups from the previous mount.

Checksum of compressed tarfile 100296-02.tar.Z on ftp.uu.net = 30606 23

Sun Patch ID:   100305-07
Sun Bug IDs:    1016437 1040453 1057834 1058003 1059620 1061504 1063772
                1081850 1081968
SunOS release:  4.1, 4.1.1, 4.1.2
Synopsis:       The patch integrates changes made by patch 100301-01
                (BugId 1059620, lpr -r does not work on NFS mounted files)
                and fixes a new bug (BugId 1081850, lpr -r allows you to
                delete files without the proper permissions). The patch has
                also been updated to reflect applicability to SunOS 4.1.2.

Checksum of compressed tarfile 100305-07.tar.Z on ftp.uu.net = 25894 283

Sun Patch ID:   100383-04
Sun Bug IDs:    1069497 1074961
SunOS release:  4.0.3, 4.1, 4.1.1, 4.1.2
Synopsis:       /usr/ucb/rdist can be used to create setuid root programs.
                The patch has been modified to reflect the patch's
                applicability to SunOS 4.1.2.

Checksum of compressed tarfile 100383-04.tar.Z on ftp.uu.net = 42306 113

Sun Patch ID:   100448-01
Sun Bug IDs:    1076118
SunOS release:  4.1.1, 4.1.2
Synopsis:       OpenWindows 3.0: loadmodule is a security hole. The patch
                has been modified to reflect the patch's applicability to
                SunOS 4.1.2.

Checksum of compressed tarfile 100448-01.tar.Z on ftp.uu.net = 02672 5

Sun Microsystems recommends that all customers concerned with the security
of their SunOS systems obtain and load the patches that are applicable to
their system(s).

Kenneth L. Pon
Sun Microsystems, Inc.
Software Security Coordinator
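The two numbers after each "Checksum of compressed tarfile" line are in the BSD sum(1) format: a 16-bit rotating checksum and the file length in 1K blocks. The following is an added example, not part of the Sun bulletin, that parses those lines out of the bulletin text and checks a downloaded tarfile against them; it assumes the bulletin's values were produced by BSD sum with 1024-byte blocks.

```python
# Added example (not from the Sun bulletin): verify downloaded patch tarfiles
# against the "Checksum of compressed tarfile ... = CHECKSUM BLOCKS" lines.
# Assumption: the values are BSD sum(1) output with 1K blocks.
import re
from pathlib import Path

CHECKSUM_RE = re.compile(
    r"Checksum of compressed tarfile (\S+) on ftp\.uu\.net = (\d+) (\d+)"
)

def parse_bulletin_checksums(text):
    """Map tarfile name -> (checksum, blocks) from the bulletin text."""
    return {name: (int(chk), int(blocks))
            for name, chk, blocks in CHECKSUM_RE.findall(text)}

def bsd_sum(data):
    """BSD sum: rotate the 16-bit checksum right by one, then add each byte."""
    checksum = 0
    for byte in data:
        checksum = (checksum >> 1) + ((checksum & 1) << 15)
        checksum = (checksum + byte) & 0xFFFF
    blocks = (len(data) + 1023) // 1024   # length in 1K blocks, rounded up
    return checksum, blocks

def verify_patch(name, data, expected):
    """True only if the name is listed and both checksum and block count match."""
    return name in expected and bsd_sum(data) == expected[name]

# Constructed sample containing two of the bulletin's own checksum lines.
SAMPLE = """Checksum of compressed tarfile 100478-01.tar.Z on ftp.uu.net = 64588 58
Checksum of compressed tarfile 100448-01.tar.Z on ftp.uu.net = 02672 5"""

if __name__ == "__main__":
    expected = parse_bulletin_checksums(SAMPLE)
    for tarfile in expected:
        path = Path(tarfile)          # assumes the tarfile sits in the cwd
        if not path.exists():
            print(tarfile, "not downloaded")
            continue
        ok = verify_patch(tarfile, path.read_bytes(), expected)
        print(tarfile, "OK" if ok else "MISMATCH, do not install")
```

A mismatch in either number means the file is not the tarfile Sun published (truncated transfer or a modified copy) and should be fetched again rather than applied.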