[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SunOS : telnetd patch!

To: Dan Stromberg <strombrg@nis.acs.uci.edu>
Subject: SunOS : telnetd patch!
From: John Saska <jsaska@diablo.acs.uci.edu>
Date: Wed, 21 Aug 2002 10:55:06 -0700 (PDT)
Cc: jsaska@hydra.acs.uci.edu

Patch-ID# 110668-03
Keywords: security gettext telnetd TTYPROMPT remote buffer overflow
Synopsis: SunOS 5.8: /usr/sbin/in.telnetd patch
Date: Jan/18/2002

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 110669

Topic: SunOS 5.8: /usr/sbin/in.telnetd patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4366956 4375449 4483514 4516876 4523990 4527873

Changes incorporated in this version: 4483514 4523990 4527873

Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/sbin/in.telnetd

Problem Description:

4483514 in.telnetd vulnerable to buffer overflow ??
4523990 in.telnetd needs some cleanup
4527873 telnetd issues garbage before login prompt if BANNER in use
 
(from 110668-02)
 
4516876 in.telnetd should not accept TTYPROMPT from remote
 
(from 110668-01)
 
4366956 NLSPATH gettext introduces problems when used printf format specifier
4375449 dtmail crashes when calling catgets with NULL default message

Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
For additional examples please see the appropriate man pages.

Special Install Instructions:
----------------------------- 
 
         NOTE:    To get the complete fix for 4366956 (NLSPATH gettext
                  introduces problems when used printf format specifier),
                  we recommend installing the following patches:
 
                  110670-01 (or newer)   /usr/sbin/static/rcp patch
 
                  108991-06 (or newer)   /usr/lib/libc.a
                                         /usr/lib/libc.so.1
                                         /usr/lib/libp/libc.a
                                         /usr/lib/pics/libc_pic.a
                                         /usr/lib/sparcv9/libc.so.1
                                         /usr/lib/libp/sparcv9/libc.so.1
                                         /usr/lib/pics/sparcv9/libc_pic.a
 
                  109091-04 (or newer)   /usr/sbin/ufsrestore

README -- Last modified date:  Friday, January 18, 2002

Prev by Date: Redhat : ethereal packages Red Hat, Inc. Red Hat Security Advisory
Next by Date: Redhat : Updated krb5 packages fix remote buffer overflow
Previous by thread: Redhat : ethereal packages Red Hat, Inc. Red Hat Security Advisory
Next by thread: Redhat : Updated krb5 packages fix remote buffer overflow
Index(es):
- Date
- Thread