Patch-ID# 110058-07
Keywords: security login.krb5 chdir ftpd telnetd kerberos rshd
Synopsis: SEAM 1.0_x86: Patch for Solaris 2.6_x86 / 7_x86
Date: Nov/05/2003

Install Requirements: Additional instructions may be listed below

Solaris Release: 2.6_x86 7_x86

SunOS Release: 5.6_x86 5.7_x86

Unbundled Product: Solaris Enterprise Authentication Mechanism

Unbundled Release: 1.0

Xref: This patch available for SPARC as patch 110057

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 4310410 4310415 4310420 4338622 4451327 4484541 4493059 4509090 4615238 4836676

Changes incorporated in this version: 4836676

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/krb5/lib/ftpd
/usr/krb5/lib/krb5kdc
/usr/krb5/lib/libkadm5srv.so
/usr/krb5/lib/libkadm5srv.so.1
/usr/krb5/lib/login.krb5
/usr/krb5/lib/rlogind
/usr/krb5/lib/rshd
/usr/krb5/lib/telnetd
/usr/krb5/sbin/kdb5_util

Problem Description:

4836676 Bounds checks not in place for princs in krbv5

(from 110058-06)

4509090 SEAM telnetd gives away if a user exists or not

(from 110058-05)

4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)

(from 110058-04)

4615238 login.krb5 contains buffer overflow

(from 110058-03)

4484541 krbv5 telnetd vulnerable to buffer overflows
4493059 4310420 fix needs some more work

(from 110058-02)

4451327 krb5 ftpd vulnerable to buffer overflows

(from 110058-01)

4310415 kerberized rshd fails with non-root-accessible home directories
4310420 kerberized ftpd fails to chdir to non-root-accessible home directories
4310410 login.krb5 chdir to non-root-accessible home directories fails for rlogin/telnet

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

Solaris 2.6:
For Bug ID 4338622, the complete fix requires patch 112534-01 or newer.
Although patches 112534-01 and 110057-05 do not require/depend on each
other, the complete resolution for the bug requires both.

Solaris 7:
For Bug ID 4338622, the complete fix requires patch 112536-01 or newer.
Although patches 112536-01 and 110057-05 do not require/depend on each
other, the complete resolution for the bug requires both.

Solaris 7:
For Bug ID 4836676, the complete fix requires patch 112537-04 or newer.
Although patches 112536-04 and 110058-07 do not require/depend on each
other, the complete resolution for the bug requires both.

README -- Last modified date: Wednesday, November 5, 2003