Patch-ID# 103818-04 Keywords: security rdist buffer overflow lookup sprintf Synopsis: SunOS 5.5.1_x86: /usr/bin/rdist patch Date: Feb/16/00 Solaris Release: 2.5.1_x86 SunOS Release: 5.5.1_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103817 Xref: This patch available for PPC as patch 103819 Topic: SunOS 5.5.1_x86: /usr/bin/rdist patch BugId's fixed with this patch: 1258139 4072602 4108094 4119069 4128122 4284268 Changes incorporated in this version: 4284268 Relevant Architectures: i386 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/rdist Problem Description: 4284268 rdist fails to clear setuid as it claims (from 103818-03) 4108094 rdist not distributing hard-linked files properly after 5.4 4119069 rdist security fixes break rdist 4128122 rdist dumps core (from 103818-02) 4072602 buffer overflow in rdist can be exploited to become root (from 103818-01) 1258139 *rdist* suffers from buffer overflow Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.