Patch-ID# 104332-08

Keywords: security rpcbind listen TCP SYN UDP port 8192 IP MAX_LOCAL XIDs
Synopsis: SunOS 5.5.1_x86: /usr/sbin/rpcbind patch
Date: Jun/19/2001

NOTE: This patch requires 103613-39 which was obsoleted by 103641-35.

Solaris Release: 2.5.1_x86

SunOS Release: 5.5.1_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 104331

Topic: SunOS 5.5.1_x86: /usr/sbin/rpcbind patch

        NOTE: Refer to Special Install Instructions Section for IMPORTANT
              specific information on this patch.

Relevant Architectures: i386

BugId's fixed with this patch: 4011058 4032093 4045357 4066019 4070261 4073327 4085394 4124715

Changes incorporated in this version: 4124715

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 103641-35 or greater

NOTE: This patch requires 103613-39 which was obsoleted by 103641-35.

Obsoleted by:

Files included with this patch:

/usr/sbin/rpcbind

Problem Description:

4124715 Denial of Service in connection oriented Transports.

(from 104332-07)

4085394 TCP connections to rpcbind remain established if client is halted.

(from 104332-06)

4073327 rpcbind /tmp file security vulnerability

(from 104332-05)

4070261 predictable RPC XIDs when forwarding CALLIT RPCs

(from 104332-04)

4066019 Security bug with indirect calls

(from 104332-03)

4032093 rpcbind can not handle 8192 IP address - MAX_LOCAL = 16

(from 104332-02)

4045357 rpcbind listens to non-privileged UDP port other than port 111

(from 104332-01)

4011058 rpcbind should have a configurable listen(3N) backlog

        The change to rpcbind is to add a -l parameter which will
        specify an upper bound on the number of connections that
        rpcbind can have in its listen queue.

Patch Installation Instructions:
--------------------------------

Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------

NOTE1: We recommend installing the following patches to get the
       complete support for large IP addresses:

       103581-13 (or newer) kernel/drv/tcp patch
       103595-10 (or newer) usr/lib/sendmail fixes
       103631-08 (or newer) kernel/drv/ip patch
       104957-01 (or newer) usr/sbin/in.rarpd patch
       104959-01 (or newer) usr/sbin/in.rdisc patch
       104961-01 (or newer) usr/sbin/snoop patch

NOTE2: To get the complete fix for bug 4124715 (Denial of Service in
       connection oriented Transports) we recommend installation of
       the following patches (or newer):

       103641-33 (libnsl & rpc.nisd)
       103996-02 (/usr/sbin/rpc.nispasswdd)
       108929-01 (/usr/sbin/rpc.bootparamd)
       103687-03 (/usr/sbin/rpc.nisd_resolv)
       105134-02 (/usr/sbin/keyserv)
       105166-03 (ypbind)
       104167-05 (/usr/lib/nfs/statd)
       104221-04 (/usr/lib/nfs/mountd)

README -- Last modified date: Tuesday, June 19, 2001