Patch-ID# 104331-08
Keywords: security rpcbind listen TCP SYN UDP port 8192 IP MAX_LOCAL XIDs
Synopsis: SunOS 5.5.1: /usr/sbin/rpcbind patch
Date: Jun/01/2001

Solaris Release: 2.5.1

SunOS Release: 5.5.1

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for x86 as patch 104332

Topic: SunOS 5.5.1: /usr/sbin/rpcbind patch
	NOTE:	Refer to Special Install Instructions section for
		IMPORTANT specific information on this patch.

Relevant Architectures: sparc

BugId's fixed with this patch: 4011058 4032093 4045357 4066019 4070261 4073327 4085394 4124715

Changes incorporated in this version: 4124715

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 103640-36 or greater

Obsoleted by: 

Files included with this patch: 

/usr/sbin/rpcbind

Problem Description:

4124715 Denial of Service in connection oriented Transports.
 
(from 104331-07)
 
4085394 TCP connections to rpcbind remain established if client is halted.
 
(from 104331-06)
 
4073327 rpcbind /tmp file security vulnerability
 
(from 104331-05)
 
4070261 predictable RPC XIDs when forwarding CALLIT RPCs
 
(from 104331-04)
 
4066019 Security bug with indirect calls
 
(from 104331-03)
 
4032093 rpcbind can not handle 8192 IP address - MAX_LOCAL = 16
 
(from 104331-02)
 
4045357 rpcbind listens to non-privileged UDP port other than port 111
 
(from 104331-01)
 
4011058 rpcbind should have a configurable listen(3N) backlog
 
	The change to rpcbind is to add a -l parameter which will 
	specify an upper bound on the number of connections that 
	rpcbind can have in its listen queue.

Patch Installation Instructions:
-------------------------------- 
Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch.  Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------
 
	NOTE1:  We recommend installing the following patches to
                get the complete support for large IP addresses: 
 
                103582-13 (or newer)      kernel/drv/tcp patch 
                103594-10 (or newer)      usr/lib/sendmail fixes
                103630-08 (or newer)      kernel/drv/ip patch 
                104956-01 (or newer)      usr/sbin/in.rarpd patch 
                104958-01 (or newer)      usr/sbin/in.rdisc patch
                104960-01 (or newer)      usr/sbin/snoop patch
 
        NOTE2:  To get the complete fix for bug 4124715 (Denial of Service in
                connection oriented Transports) we recommend installation of
                the following patches (or newer):
 
                103640-33       (libnsl & rpc.nisd)                
                103995-02       (/usr/sbin/rpc.nispasswdd)                
                108928-01       (/usr/sbin/rpc.bootparamd)        
                103686-03       (/usr/sbin/rpc.nisd_resolv)       
                105133-02       (/usr/sbin/keyserv)               
                105165-03       (ypbind)         
                104166-05       (/usr/lib/nfs/statd)                 
                104220-04       (/usr/lib/nfs/mountd)

README -- Last modified date:  Friday, June 1, 2001