Patch-ID# 103604-16 Keywords: security ftp nfs memory leak getreply nmap domap rsh in.ftpd client Synopsis: SunOS 5.5.1_x86: ftp, in.ftpd, in.rexecd and in.rshd patch Date: Jun/25/2001 Solaris Release: 2.5.1_x86 SunOS Release: 5.5.1_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103603 Topic: SunOS 5.5.1_x86: ftp, in.ftpd, in.rexecd and in.rshd patch Relevant Architectures: i386 BugId's fixed with this patch: 1144333 1198215 1246408 1249667 1251275 1255435 1256632 4009680 4066864 4080226 4104868 4139895 4193146 4197316 4324375 4436988 4445755 4446600 4451524 4452705 Changes incorporated in this version: 4436988 4445755 4446600 4451524 4452705 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 105098-03 or greater Obsoleted by: Files included with this patch: /usr/bin/ftp /usr/sbin/in.ftpd /usr/sbin/in.rexecd /usr/sbin/in.rshd Problem Description: 4436988 security: Globbing problem in in.ftpd 4446600 ftpd memory leaks 4445755 ftpd glob can still use a lot of memory and CPU 4451524 in.ftpd cores 4452705 GAVSIZ definition needs to stay in glob.c (from 103604-15) Re-build of the -14 revision to setup the dependency for patch ID # 105098-03 (or newer) (from 103604-14) 4324375 rsh to machine with two interfaces on same subnet has problems with firewall. (from 103604-13) 4139895 in.ftpd can be fooled to connect to a reserved port (from 103604-12) 4009680 ftpd security problem (from 103604-11) 4197316 buffer overflow in ftp (from 103604-10) 4193146 ftp client is too restrictive after fix for 4080226 (from 103604-09) 4080226 Security issue: security hole in mget (in ftp client) (from 103604-08) 4104868 in.ftpd consumes CPU if client end shutdown uncleanly (from 103604-07) 4066864 in.rexecd does not prevent access to expired accounts (from 103604-06) 1144333 ftp abuses malloc/free - Segmentation Fault at multiple mput (from 103604-05) 1246408 ftp may be used to get root access from port 20 to other machines (from 103604-04) 1251275 ftpd,rshd,rexecd,in.uucpd on NFS client puts user in / when homedir is mounted as a non-trusted root (from 103604-03) 1256632 ftp "nmap" function does not work (from 103604-02) 1255435 ftp dumps core if lostpeer signal handler is called right before getreply() 1249667 ftp size increases by 8k/2 page size with every open/close session memory leak (from 103604-01) 1198215 ftp can silently lose data when writing to nfs Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None. README -- Last modified date: Monday, June 25, 2001