Patch-ID# 106881-03 Keywords: ENCRYPTION INTERNATIONAL security NAT EFS crypto MP fwcnv international Synopsis: SunScreen EFS 2.0: NAT, MP, and FW-1 conversion fixes Date: Sep/09/99 ****************************************************** The items made available through this website are subject to United States export laws and may be subject to export and import laws of other countries. You agree to strictly comply with all such laws and obtain licenses to export, re-export, or import as may be required. Unless expressly authorized by the United States Government to do so you will not, directly or indirectly, export or re-export the items made available through this website, nor direct the items therefrom, to any embargoed or restricted country identified in the United States export laws, including but not limited to the Export Administration Regulations (15 C.F.R. Parts 730-774). ****************************************************** Solaris Release: 2.5.1 2.6 SunOS Release: 5.5.1 5.6 Unbundled Product: SunScreen EFS Unbundled Release: 2.0 BugID's fixed with this patch: 4129413 4147178 4175640 4192417 4210483 4225804 4225809 4227107 Changes incorporated in this version: NOTE: Fixes for NAT, MP, memory management, and FW-1 conversion problems. Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: SUNWicgFW /opt/SUNWfwcnv/lib/ObjStore.class SUNWicgSS /kernel/drv/screen /usr/kernel/drv/screen_skip /usr/kernel/misc/screen_dns /usr/kernel/misc/screen_ftp /usr/kernel/misc/screen_ip /usr/kernel/misc/screen_nfsro /usr/kernel/misc/screen_ping /usr/kernel/misc/screen_pmap /usr/kernel/misc/screen_raudio /usr/kernel/misc/screen_rsh /usr/kernel/misc/screen_stateless /usr/kernel/misc/screen_tcp /usr/kernel/misc/screen_udp Problem Description: 4210483 - efs 2.0 panics: BAD TRAP occurred in module "screen" due to an illegal access (SUNWicgSS) 4225804 - fwconvert fails with Array out of bounds (SUNWfwcnv) 4225809 - fwconvert doesn't convert groups correctly (SUNWfwcnv) 4227107 - Dynamic NAT does not work with FTP servers that send data on high ports (SUNWicgSS) (from 106881-02) 4192417 - NAT breaks Passive ftp if port number is too high (SUNWicgSS) (from 106881-01) 4129413 - SKIP host (or remote admin) could not be NATed (SUNWicgSS) 4147178 - Mix of Dynamic/Static mappings can cause look up problem (SUNWicgSS) 4175640 - Screen panics with BAD TRAP (SUNWicgSS) Instructions to install patch on SunScreen EFS 2.0 Screen --------------------------------------------------------- 1. Become root on the Screen. 2. Transfer patch file to the Screen via floppy or ftp (where 3 MB free). 3. Then type: # uncompress 106881-03.tar.Z # tar xf 106881-03.tar # 106881-03/installpatch 106881-03 4. Reboot the EFS system. Instructions for identifying patches installed on system: ---------------------------------------------------------- 1. To identify the patch level on your SunScreen EFS 2.0 Screen, execute the commands: % ls -lt /var/sadm/patch > screen.pkginfo % pkginfo -l >> screen.pkginfo 2. To identify the patch level on your SunScreen EFS 2.0 Administration Station, execute the commands: % ls -lt /var/sadm/patch > admin.pkginfo % pkginfo -l >> admin.pkginfo Instructions to backout patch on SunScreen EFS 2.0 Screen --------------------------------------------------------- 1. Become root on the Screen. 2. Then type: # cd /var/sadm/patch # 106881-03/backoutpatch 106881-03