[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SunOS : telnetd patch!

Patch-ID# 110668-03
Keywords: security gettext telnetd TTYPROMPT remote buffer overflow
Synopsis: SunOS 5.8: /usr/sbin/in.telnetd patch
Date: Jan/18/2002

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 110669

Topic: SunOS 5.8: /usr/sbin/in.telnetd patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4366956 4375449 4483514 4516876 4523990 4527873

Changes incorporated in this version: 4483514 4523990 4527873

Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/sbin/in.telnetd

Problem Description:

4483514 in.telnetd vulnerable to buffer overflow ??
4523990 in.telnetd needs some cleanup
4527873 telnetd issues garbage before login prompt if BANNER in use
(from 110668-02)
4516876 in.telnetd should not accept TTYPROMPT from remote
(from 110668-01)
4366956 NLSPATH gettext introduces problems when used printf format specifier
4375449 dtmail crashes when calling catgets with NULL default message

Patch Installation Instructions:
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
       example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
       example# patchrm 104945-02
For additional examples please see the appropriate man pages.

Special Install Instructions:
         NOTE:    To get the complete fix for 4366956 (NLSPATH gettext
                  introduces problems when used printf format specifier),
                  we recommend installing the following patches:
                  110670-01 (or newer)   /usr/sbin/static/rcp patch
                  108991-06 (or newer)   /usr/lib/libc.a
                  109091-04 (or newer)   /usr/sbin/ufsrestore

README -- Last modified date:  Friday, January 18, 2002