OBSOLETE Patch-ID# 103578-10 Keywords: security ftp nfs leak core getreply domap rsh rexec in.ftpd PASV Synopsis: Obsoleted by: 103578-12 SunOS 5.5_x86: ftp, in.ftpd, in.rexecd and in.rshd patch Date: Sep/28/1999 Solaris Release: 2.5_x86 SunOS Release: 5.5_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103577 Topic: SunOS 5.5_x86: ftp, in.ftpd, in.rexecd and in.rshd patch Relevant Architectures: i386 BugId's fixed with this patch: 1198215 1241282 1246408 1249667 1251275 1255435 4066864 4080226 4104868 4197316 Changes incorporated in this version: 4197316 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/ftp /usr/sbin/in.ftpd /usr/sbin/in.rexecd /usr/sbin/in.rshd Problem Description: 4197316 buffer overflow in ftp (from 103578-09) 4080226 Security issue: security hole in mget (in ftp client) (from 103578-08) 4104868 in.ftpd consumes CPU if client end shutdown uncleanly (from 103578-07) 4066864 in.rexecd does not prevent access to expired accounts (from 103578-06) 1246408 ftp may be used to get root access from port 20 to other machines (from 103578-05) 1251275 ftpd,rshd,rexecd,in.uucpd on NFS client puts user in / instead of ~ (from 103578-04) 1241282 ftp session dies on cd or dir (from 103578-03) 1255435 ftp dumps core if lostpeer signal handler is called right before getreply() (from 103578-02) 1198215 ftp can silently lose data when writing to nfs (from 103578-01) 1249667 ftp size increases by 8k/2 page size with every open/close session memory leak Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic ''installpatch'' and ''backoutpatch'' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None. README -- Last modified date: Monday, June 25, 2001