Patch-ID# 108891-02
Keywords: security ypxfrd ypbind ypbind.pid diskless clients lookup rpcbind
Synopsis: SunOS 5.6_x86: ypxfrd, ypbind, and ypserv patch
Date: Nov/08/2002

Install Requirements: See Special Install Instructions

Solaris Release: 2.6_x86

SunOS Release: 5.6_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 108890

Topic: SunOS 5.6_x86: ypxfrd, ypbind, and ypserv patch

Relevant Architectures: i386

BugId's fixed with this patch: 1225430 4080264 4105286 4124715 4362647 4737417

Changes incorporated in this version: 4737417

Patches accumulated and obsoleted by this patch: 105404-04

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/lib/netsvc/yp/ypbind
/usr/lib/netsvc/yp/ypserv
/usr/lib/netsvc/yp/ypxfrd

Problem Description:

4737417 ypxfrd security issue with map handling

(from 108891-01)

4124715 Denial of Service in connection oriented Transports.

(from 105404-04)

4362647 ypbind has a remotely exploitable buffer overflow allowing root privileges

(from 105404-03)

4124715 Denial of Service in connection oriented Transports.

(from 105404-02)

4105286 NIS master with DNS forwarding mode will hang up during system-reboot

(from 105404-01)

4080264 ypbind.pid file not created for diskless clients
1225430 ypbind can get requests before it is ready for them

Patch Installation Instructions:
--------------------------------

Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------

NOTE 1: To get the complete fix for bug 4124715 (Denial of Service in
        connection oriented Transports) we recommend installation of
        the following patches (or newer):

        105402-27 (libnsl, rpc.nisd & rpc.nispasswdd)
        108896-01 (/usr/sbin/rpc.bootparamd)
        108894-01 (/usr/lib/netsvc/yp/rpc.ypupdated)
        105553-03 (/usr/sbin/rpc.nisd_resolv)
        105217-04 (/usr/sbin/rpcbind)
        108308-02 (/usr/sbin/keyserv)
        106593-03 (/usr/lib/nfs/statd)
        105616-08 (/usr/lib/nfs/mountd)

NOTE 2: To get the complete fix for 1225430 (ypbind can get requests
        before it is ready for them) and 4080264 (ypbind.pid file not
        created for diskless clients), one needs to install 105402-02
        (or newer).

README -- Last modified date: Friday, November 8, 2002