Patch-ID# 106952-04 Keywords: security uux buffer overflow set-uid uucp uustat buffer stack Synopsis: SunOS 5.7: /usr/bin/uux patch Date: Feb/13/2004 Install Requirements: None Solaris Release: 7 SunOS Release: 5.7 Unbundled Product: Unbundled Release: Xref: This patch is available for x86 as patch 106953 Topic: SunOS 5.7: /usr/bin/uux patch Relevant Architectures: sparc BugId's fixed with this patch: 4164924 4179980 4416701 4489569 4756979 4804089 Changes incorporated in this version: 4756979 4804089 Patches accumulated and obsoleted by this patch: 108331-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/uucp /usr/bin/uuglist /usr/bin/uustat /usr/bin/uux /usr/lib/uucp/bnuconvert /usr/lib/uucp/uucheck /usr/lib/uucp/uucico /usr/lib/uucp/uucleanup /usr/lib/uucp/uusched /usr/lib/uucp/uuxqt Problem Description: 4804089 *uucp* /usr/bin/uucp buffer overflow 4756979 uucp contains a buffer overflow (from 106952-03) 4489569 uucp trailing / in the destination dir name required when 106468-04 installed (from 106952-02) 4416701 Buffer overflows in uucp can allow uucp uid access. (from 106952-01) 4179980 uux has buffer overflow problems. (from 108331-01) 4164924 *uustat* uses gets() which does not do bounds checking to a buffer on stack Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None. README -- Last modified date: Friday, February 13, 2004