Patch-ID# 110646-05
Keywords: security in.ftpd reserved port
Synopsis: SunOS 5.7: /usr/sbin/in.ftpd Patch
Date: Jun/25/2003

Install Requirements: None

Solaris Release: 7

SunOS Release: 5.7

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 110647

Topic: SunOS 5.7: /usr/sbin/in.ftpd Patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4139895 4244544 4436988 4445755 4446600 4451524 4452705 4714534 4758151

Changes incorporated in this version: 4758151

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sbin/in.ftpd

Problem Description:

4758151 /usr/sbin/in.ftpd does not properly implement PAM

(from 110646-04)

4714534 FTP server connect retry DOS vulnerability

(from 110646-03)

4244544 in.ftpd doesn't preserve S_ISGID bit on directories

(from 110646-02)

4436988 security: Globbing problem in in.ftpd
4446600 ftpd memory leaks
4445755 ftpd glob can still use a lot of memory and CPU
4451524 in.ftpd cores
4452705 GAVSIZ definition needs to stay in glob.c

(from 110646-01)

4139895 in.ftpd can be fooled to connect to a reserved port

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

       example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Wednesday, June 25, 2003