Patch-ID# 106302-06
Keywords: security in.ftpd cpu client shutdown
Synopsis: SunOS 5.6_x86: /usr/sbin/in.ftpd patch
Date: Sep/24/2003


Install Requirements: None                      
                      
Solaris Release: 2.6_x86

SunOS Release: 5.6_x86

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for SPARC as patch 106301

Topic: SunOS 5.6_x86: /usr/sbin/in.ftpd patch

Relevant Architectures: i386

BugId's fixed with this patch: 4104868 4139895 4244544 4436988 4445755 4446600 4451524 4452705 4714534 4758151

Changes incorporated in this version: 4758151

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

/usr/sbin/in.ftpd

Problem Description:

4758151 /usr/sbin/in.ftpd does not properly implement PAM
 
(from 106302-05)
 
4714534 FTP server connect retry DOS vulnerability
 
(from 106302-04)
 
4244544 in.ftpd doesn't preserve S_ISGID bit on directories
 
(from 106302-03)
 
4436988 security: Globbing problem in in.ftpd
4446600 ftpd memory leaks
4445755 ftpd glob can still use a lot of memory and CPU
4451524 in.ftpd cores
4452705 GAVSIZ definition needs to stay in glob.c
 
(from 106302-02)
 
4139895 in.ftpd can be fooled to connect to a reserved port
 
(from 106302-01)
 
4104868 in.ftpd consumes CPU if client end shutdown uncleanly

Patch Installation Instructions:
-------------------------------- 
Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch.  Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------
None.

README -- Last modified date:  Wednesday, September 24, 2003