Patch-ID# 101545-03 Keywords: security ps column output ps_data buffer overflow Synopsis: SunOS 5.3: /usr/bin/ps and /usr/ucb/ps fixes Date: Jul/07/97 Solaris Release: 2.3 SunOS Release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: /usr/bin/ps and /usr/ucb/ps fixes BugId's fixed with this patch: 1154456 1208044 4053228 4057343 Changes incorporated in this version: 4053228 4057343 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/ps /usr/ucb/ps Problem Description: 4053228 buffer overflow in ps can lead to root access - exploit is public 4057343 /usr/ucb/ps -t option does not work on intel platform (from 101545-02) 1208044 Creation of /tmp/ps_data is security hole (from 101545-01) 1154456 Binary incompatibility in the ps(1) command in SunOS 5.3 In SunOS 5.3, the output of the ps(1) command was changed and two extra characters are now printed, 82 characters for 'ps -l' rather than the old 80 characters. More importantly, the column positions of the TIME and COMD fields were shifted right by two columns. The output of ps is old and arcane and there are scripts developed that rely on the exact columns of the ps output. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.