Patch-ID# 114565-04 Keywords: security ftp dos retry connect in.ftpd Synopsis: SunOS 5.9_x86: /usr/sbin/in.ftpd Patch Date: Aug/27/2004 Install Requirements: None Solaris Release: 9_x86 SunOS Release: 5.9_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 114564 Topic: SunOS 5.9_x86: /usr/sbin/in.ftpd Patch Relevant Architectures: i386 BugId's fixed with this patch: 4705192 4706072 4714534 4864687 5016478 Changes incorporated in this version: 5016478 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/sbin/ftpcount /usr/sbin/ftprestart /usr/sbin/ftpshut /usr/sbin/ftpwho /usr/sbin/in.ftpd /usr/sbin/privatepw Problem Description: 5016478 The limit of NLST(ftp) on Solaris9 is too small. (from 114565-03) 4864687 Solaris 9 ftpd slow with PUT (from 114565-02) 4706072 Buffer size miscalculations in realpath.c 4705192 Possible buffer overflow if ftpconversions feature is in use (from 114565-01) 4714534 FTP server connect retry DOS vulnerability Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None. README -- Last modified date: Friday, August 27, 2004