Patch-ID# 103604-09 Keywords: security ftp nfs memory leak core getreply nmap domap rsh in.ftpd Synopsis: SunOS 5.5.1_x86: ftp, in.ftpd, in.rexecd and in.rshd patch Date: Sep/11/98 Solaris Release: 2.5.1_x86 SunOS Release: 5.5.1_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103603 Topic: SunOS 5.5.1_x86: ftp, in.ftpd, in.rexecd and in.rshd patch BugId's fixed with this patch: 1144333 1198215 1246408 1249667 1251275 1255435 1256632 4066864 4080226 4104868 Changes incorporated in this version: 4080226 Relevant Architectures: i386 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/ftp /usr/sbin/in.ftpd /usr/sbin/in.rexecd /usr/sbin/in.rshd Problem Description: 4080226 Security issue: security hole in mget (in ftp client) (from 103604-08) 4104868 in.ftpd consumes CPU if client end shutdown uncleanly (from 103604-07) 4066864 in.rexecd does not prevent access to expired accounts (from 103604-06) 1144333 ftp abuses malloc/free - Segmentation Fault at multiple mput (from 103604-05) 1246408 ftp may be used to get root access from port 20 to other machines (from 103604-04) 1251275 ftpd,rshd,rexecd,in.uucpd on NFS client puts user in / when homedir is mounted as a non-trusted root (from 103604-03) 1256632 ftp "nmap" function does not work (from 103604-02) 1255435 ftp dumps core if lostpeer signal handler is called right before getreply() 1249667 ftp size increases by 8k/2 page size with every open/close session memory leak (from 103604-01) 1198215 ftp can silently lose data when writing to nfs Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.