PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER (ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER (IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS

SUBJECT: SUMMARY OF SUNOS SECURITY PATCHES (AUTOMATED SYSTEM SECURITY INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-22).

1. THIS BULLETIN CONTAINS A COMPILED LIST OF ALL SECURITY RELATED PATCHES CURRENTLY AVAILABLE FROM SUN MICROSYSTEMS. THE PATCHES HAVE BEEN GROUPED BY SUNOS VERSION, AND ANY APPLICABLE PATCHES NOT CURRENTLY PRESENT ON A SYSTEM SHOULD BE INSTALLED IMMEDIATELY. SUN SECURITY PATCHES ARE AVAILABLE THROUGH BOTH YOUR SUN ANSWER CENTER AND ANONYMOUS FTP. IN THE U.S., FTP TO FTP.UU.NET (IP 192.48.96.9) AND RETRIEVE THE PATCHES FROM THE DIRECTORY /SYSTEMS/SUN/SUN-DIST. IN EUROPE, FTP TO MCSUN.EU.NET (IP 192.16.202.1) AND RETRIEVE THE PATCHES FROM THE /SUN/FIXES DIRECTORY.

2. THE PATCHES ARE CONTAINED IN COMPRESSED TARFILES WITH FILENAMES BASED ON THE ID NUMBER OF THE PATCH (E.G. PATCH 100085-03 IS CONTAINED IN THE FILE 100085-03.TAR.Z), AND MUST BE RETRIEVED USING FTP'S BINARY TRANSFER MODE. AFTER OBTAINING THE PATCHES, COMPUTE THE CHECKSUM OF EACH COMPRESSED TARFILE AND COMPARE WITH THE VALUES INDICATED BELOW. FOR EXAMPLE, THE COMMAND "/USR/BIN/SUM 100085-03.TAR.Z" SHOULD RETURN "44177 740". PLEASE NOTE THAT SUN MICROSYSTEMS OCCASIONALLY UPDATES PATCH FILES, RESULTING IN A CHANGED CHECKSUM. IF YOU SHOULD FIND A CHECKSUM THAT DIFFERS FROM THOSE LISTED BELOW, PLEASE CONTACT SUN MICROSYSTEMS OR CIAC FOR VERIFICATION BEFORE USING THE PATCH. THE PATCHES MAY BE EXTRACTED FROM THE COMPRESSED TARFILES USING THE COMMANDS UNCOMPRESS AND TAR. FOR EXAMPLE, TO EXTRACT PATCH 100085-03 FROM THE COMPRESSED TARFILE 100085-03.TAR.Z, EXECUTE THE COMMANDS "UNCOMPRESS 100085-03.TAR.Z" AND "TAR XVF 100085-03.TAR". FOR SPECIFIC INSTRUCTIONS REGARDING THE INSTALLATION OF A PARTICULAR PATCH, CONSULT THE README FILE ACCOMPANYING EACH PATCH. AS MULTIPLE PATCHES MAY AFFECT THE SAME FILES, IT IS RECOMMENDED THAT PATCHES BE INSTALLED CHRONOLOGICALLY BY REVISION DATE, WITH THE EXCEPTION OF PATCHES FOR WHICH AN EXPLICIT ORDER IS SPECIFIED.

3. PATCHES FOR SUNOS 5.2 (SOLARIS 2.2):

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
101090-01  28-JUN-93     44985 54    EXPRESERVE CAN OVERWRITE ANY FILE

4. PATCHES FOR SUNOS 5.1 (SOLARIS 2.1):

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100833-02  12-JAN-93     24412 309   C2 AUDITING MISSING IN SOME PROGRAMS
100840-01  12-JAN-93     25050 220   SENDMAIL BYPASSES MAILHOST
100884-01  12-FEB-93     63299 5220  SECURITY FIXES FOR SUN4M MACHINES
101089-01  28-JUN-93     4501 54     EXPRESERVE CAN OVERWRITE ANY FILE

5. PATCHES FOR SUNOS 5.0 (SOLARIS 2.0):

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100723-01  24-AUG-92     49406 2     INCORRECT PERMISSIONS AFTER INSTALL
101119-01  28-JUN-93     61863 54    EXPRESERVE CAN OVERWRITE ANY FILE

6. PATCHES FOR SUNOS 4.1.3:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100448-01  10-DEC-91     29285 5     OPENWINDOWS 3.0 LOADMODULE HOLE
100478-01  14-FEB-92     64588 58    OPENWINDOWS 3.0 XLOCK VULNERABILITY
100296-04  18-JUN-92     42492 40    FILE SYSTEMS EXPORTED INCORRECTLY
100507-04  3-SEP-92      57590 61    TMPFS FILE SYSTEM VULNERABILITY
100372-02  8-SEP-92      22739 712   TFS FAILS UNDER C2
100377-05  15-SEP-92     29141 1076  SENDMAIL SECURITY HOLES
100103-11  29-SEP-92     19847 6     PERMISSIONS INCORRECT ON MANY FILES
100567-04  27-OCT-92     15728 11    ICMP PACKETS CAN BE FORGED
100564-05  11-NOV-92     00115 824   C2 JUMBO PATCH
100482-04  16-NOV-92     06594 342   YPSERV WILL SEND NIS MAPS TO ANYONE
100513-02  2-DEC-92      34315 483   CONSOLE CAN BE REDIRECTED
100623-03  11-DEC-92     56063 141   NFS FILE HANDLES CAN BE GUESSED
100173-10  7-JAN-93      48086 788   NFS JUMBO PATCH
100383-06  26-JAN-93     58984 121   RDIST CAN CREATE SETUID ROOT FILES
100452-28  29-JAN-93     07299 1688  CMDTOOL MAY REVEAL PASSWORDS
100305-11  12-FEB-93     38582 500   THE LP DAEMON CAN DELETE SYSTEM FILES
100891-01  19-FEB-93     33195 3075  NETGROUP AND XLOCK VULNERABILITIES
100224-06  5-MAR-93      57647 54    MAIL AND RMAIL CAN INVOKE ROOT SHELLS
101080-01  9-JUN-93      45221 13    EXPRESERVE CAN OVERWRITE ANY FILE

7. PATCHES FOR SUNOS 4.1.2:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100184-02  14-DEC-90     06627 33    OPENWINDOWS 2.0 VULNERABILITY
100448-01  10-DEC-91     29285 5     OPENWINDOWS 3.0 LOADMODULE HOLE
100478-01  14-FEB-92     64588 58    OPENWINDOWS 3.0 XLOCK VULNERABILITY
100630-01  18-MAY-92     28074 39    ENVIRONMENT VARIABLES VULNERABILITY
100633-01  22-MAY-92     33264 20    ENVIRONMENT VARIABLES WITH SUN'S ARM
100296-04  18-JUN-92     42492 40    FILE SYSTEMS EXPORTED INCORRECTLY
100376-04  16-JUL-92     12884 100   INTEGER DIVISION VULNERABILITY
100507-04  3-SEP-92      57590 61    TMPFS FILE SYSTEM VULNERABILITY
100372-02  8-SEP-92      22739 712   TFS FAILS UNDER C2
100377-05  15-SEP-92     29141 1076  SENDMAIL SECURITY HOLES
100103-11  29-SEP-92     19847 6     PERMISSIONS INCORRECT ON MANY FILES
100567-04  27-OCT-92     15728 11    ICMP PACKETS CAN BE FORGED
100564-05  11-NOV-92     00115 824   C2 JUMBO PATCH
100482-04  16-NOV-92     06594 342   YPSERV WILL SEND NIS MAPS TO ANYONE
100513-02  2-DEC-92      34315 483   CONSOLE CAN BE REDIRECTED
100623-03  11-DEC-92     56063 141   NFS FILE HANDLES CAN BE GUESSED
100173-10  7-JAN-93      48086 788   NFS JUMBO PATCH
100383-06  26-JAN-93     58984 121   RDIST CAN CREATE SETUID ROOT FILES
100452-28  29-JAN-93     07299 1688  CMDTOOL MAY REVEAL PASSWORDS
100305-11  12-FEB-93     38582 500   THE LP DAEMON CAN DELETE SYSTEM FILES
100224-06  5-MAR-93      57647 54    MAIL AND RMAIL CAN INVOKE ROOT SHELLS
101080-01  9-JUN-93      45221 13    EXPRESERVE CAN OVERWRITE ANY FILE

8. PATCHES FOR SUNOS 4.1.1:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100085-03  5-SEP-90      44177 740   SUNVIEW SELECTION_SVC VULNERABILITY
100184-02  14-DEC-90     06627 33    OPENWINDOWS 2.0 VULNERABILITY
100125-05  8-JUL-91      41964 164   TELNET PERMITS PASSWORD CAPTURE
100424-01  12-NOV-91     63070 50    NFS FILE HANDLES CAN BE GUESSED
100448-01  10-DEC-91     29285 5     OPENWINDOWS 3.0 LOADMODULE HOLE
100478-01  14-FEB-92     64588 58    OPENWINDOWS 3.0 XLOCK VULNERABILITY
100630-01  18-MAY-92     28074 39    ENVIRONMENT VARIABLES VULNERABILITY
100633-01  22-MAY-92     33264 20    ENVIRONMENT VARIABLES WITH SUN'S ARM
100296-04  18-JUN-92     42492 40    FILE SYSTEMS EXPORTED INCORRECTLY
100376-04  16-JUL-92     12884 100   INTEGER DIVISION VULNERABILITY
100507-04  3-SEP-92      57590 61    TMPFS FILE SYSTEM VULNERABILITY
100372-02  8-SEP-92      22739 712   TFS FAILS UNDER C2
100377-05  15-SEP-92     29141 1076  SENDMAIL SECURITY HOLES
100103-11  29-SEP-92     19847 6     PERMISSIONS INCORRECT ON MANY FILES
100567-04  27-OCT-92     15728 11    ICMP PACKETS CAN BE FORGED
100201-06  5-NOV-92      13145 164   C2 JUMBO PATCH
100267-09  6-NOV-92      55338 5891  NETGROUP MEMBERSHIP CHECK FAILS
100482-04  16-NOV-92     06594 342   YPSERV WILL SEND NIS MAPS TO ANYONE
100513-02  2-DEC-92      34315 483   CONSOLE CAN BE REDIRECTED
100173-10  7-JAN-93      48086 788   NFS JUMBO PATCH
100383-06  26-JAN-93     58984 121   RDIST CAN CREATE SETUID ROOT FILES
100452-28  29-JAN-93     07299 1688  CMDTOOL MAY REVEAL PASSWORDS
100305-11  12-FEB-93     38582 500   THE LP DAEMON CAN DELETE SYSTEM FILES
100224-06  5-MAR-93      57647 54    MAIL AND RMAIL CAN INVOKE ROOT SHELLS
101080-01  9-JUN-93      45221 13    EXPRESERVE CAN OVERWRITE ANY FILE

9. PATCHES FOR SUNOS 4.1:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100101-02  7-AUG-90      42872 34    PTRACE SECURITY VULNERABILITY
100085-03  5-SEP-90      44177 740   SUNVIEW SELECTION_SVC VULNERABILITY
100184-02  14-DEC-90     06627 33    OPENWINDOWS 2.0 VULNERABILITY
100125-05  8-JUL-91      41964 164   TELNET PERMITS PASSWORD CAPTURE
100630-01  18-MAY-92     28074 39    ENVIRONMENT VARIABLES VULNERABILITY
100376-04  16-JUL-92     12884 100   INTEGER DIVISION VULNERABILITY
100377-05  15-SEP-92     29141 1076  SENDMAIL SECURITY HOLES
100103-11  29-SEP-92     19847 6     PERMISSIONS INCORRECT ON MANY FILES
100567-04  27-OCT-92     15728 11    ICMP PACKETS CAN BE FORGED
100201-06  5-NOV-92      13145 164   C2 JUMBO PATCH
100482-04  16-NOV-92     06594 342   YPSERV WILL SEND NIS MAPS TO ANYONE
100513-02  2-DEC-92      34315 483   CONSOLE CAN BE REDIRECTED
100383-06  26-JAN-93     58984 121   RDIST CAN CREATE SETUID ROOT FILES
100452-28  29-JAN-93     07299 1688  CMDTOOL MAY REVEAL PASSWORDS
100305-11  12-FEB-93     38582 500   THE LP DAEMON CAN DELETE SYSTEM FILES
100121-09  24-FEB-93     57589 360   NFS JUMBO PATCH
101080-01  9-JUN-93      45221 13    EXPRESERVE CAN OVERWRITE ANY FILE

10. PATCHES FOR SUNOS 4.0.3 AND 4.0.3C:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100100-01  30-JUL-90     43821 588   SENDMAIL PERMITS ROOT LEVEL ACCESS
100101-02  7-AUG-90      42872 34    PTRACE SECURITY VULNERABILITY
100085-03  5-SEP-90      44177 740   SUNVIEW SELECTION_SVC VULNERABILITY
100184-02  14-DEC-90     06627 33    OPENWINDOWS 2.0 VULNERABILITY
100125-05  8-JUL-91      41964 164   TELNET PERMITS PASSWORD CAPTURE
100383-06  26-JAN-93     58984 121   RDIST CAN CREATE SETUID ROOT FILES

11. PATCHES FOR SUNOS 4.0.2I:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100108-01  22-AUG-90     50309 146   SENDMAIL SECURITY VULNERABILITY

12. PATCHES FOR SUNOS 4.0.1 AND 4.0.2:

PATCH ID   LAST REVISED  CHECKSUM    DESCRIPTION
---------  ------------  ----------  -----------
100085-03  5-SEP-90      44177 740   SUNVIEW SELECTION_SVC VULNERABILITY

13. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS PETE HAMMES, COMM (703) 756-7974, DSN 289-7974. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE (800-759-7243), PIN NUMBER 2133937. WHEN CALLING THE PAGER SERVICE, FOLLOW THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK NUMBER AFTER THE PROMPT. THE ASSIST DUTY OFFICER WILL CALL YOU BACK WITHIN 30 MINUTES. IF FASTER SERVICE IS REQUIRED, PREFIX YOUR TELEPHONE NUMBER WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL BACK WITHIN 5 MINUTES. ASSIST CAN ALSO BE REACHED VIA E-MAIL AT "DOD-CERT(AT-SIGN)DDN-CONUS.DDN.MIL", OR BY DIALING INTO THE ASSIST ELECTRONIC BULLETIN BOARD AT (703) 756-7993, DSN 289-7993, AND LEAVING A MESSAGE FOR THE SYSOP.

BT
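The verification and ordering steps in paragraph 2, as an added example that is not part of the bulletin: it parses table rows in the bulletin's layout, sorts them by revision date, and checks each downloaded tarfile against its listed checksum before anything is extracted. Assumptions: /usr/bin/sum uses the BSD 16-bit rotating checksum with 1 KB block counts, files on disk are named in lowercase as <ID>.tar.Z, and the function names are hypothetical.

```python
import re
from datetime import datetime
from pathlib import Path

# Row layout of the bulletin's tables: ID, revision date, checksum, blocks, description.
ROW = re.compile(r"^(\d{6}-\d{2})\s+(\d{1,2}-[A-Z]{3}-\d{2})\s+(\d+)\s+(\d+)\s+(.+)$")

# Rows copied from the bulletin's SunOS 4.1.1 table, deliberately listed out of order.
SAMPLE = """\
100125-05  8-JUL-91  41964 164  TELNET PERMITS PASSWORD CAPTURE
100085-03  5-SEP-90  44177 740  SUNVIEW SELECTION_SVC VULNERABILITY
101080-01  9-JUN-93  45221 13   EXPRESERVE CAN OVERWRITE ANY FILE
"""

def bsd_sum(data):
    """16-bit rotating checksum and 1 KB block count (assumed /usr/bin/sum algorithm)."""
    checksum = 0
    for byte in data:
        checksum = (checksum >> 1) | ((checksum & 1) << 15)  # rotate right one bit
        checksum = (checksum + byte) & 0xFFFF
    return checksum, (len(data) + 1023) // 1024

def parse_rows(text):
    """Return table rows sorted by revision date, the recommended install order."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            pid, date, csum, blocks, desc = m.groups()
            revised = datetime.strptime(date.title(), "%d-%b-%y")  # e.g. 5-Sep-90
            rows.append({"id": pid, "revised": revised,
                         "sum": (int(csum), int(blocks)), "desc": desc})
    return sorted(rows, key=lambda r: r["revised"])

def verify(rows, directory):
    """Map each patch ID to 'ok', 'mismatch' or 'missing' for <ID>.tar.Z in directory."""
    status = {}
    for row in rows:
        path = Path(directory) / f"{row['id']}.tar.Z"  # lowercase name is an assumption
        if not path.is_file():
            status[row["id"]] = "missing"
        elif bsd_sum(path.read_bytes()) == row["sum"]:
            status[row["id"]] = "ok"
        else:
            status[row["id"]] = "mismatch"  # do not extract; verify with the vendor first
    return status

if __name__ == "__main__":
    for pid, state in verify(parse_rows(SAMPLE), ".").items():
        print(pid, state)
```

A "mismatch" result corresponds to the case the bulletin describes, where the patch should be held until the checksum has been confirmed; comparing as integers also handles listed values with leading zeros such as "00115".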