Patch-ID# 100383-07
Keywords: security rdist setuid client remote distfile
Synopsis: SunOS 4.1.3: rdist security  
Date: Jul/23/96
 
Solaris Release: 1.1

SunOS Release: 4.1.3

Note:  The fixes for 4.0.3, 4.1, 4.1.1, 4.1.2 and the 3x architecture
       from Patch 100383-06 may now be found in Patch 103822-01.
 
Unbundled Product: 
 
Unbundled Release: 

Relevant Architectures: sparc
    NOTE: sun4
 
BugId's fixed with this patch: 1258139 1069497 1074961 1059506

Changes incorporated in this version: 1258139

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch:

Obsoleted by: 

Problem Description:

1258139   rdist suffers from buffer overflow
1069497   user can gain root access using rdist
1074961   rdist can be used to create a setuid shell
1059506   rdist doesn't transfer hard linked files to different paths


INSTALL: 
 
As root:

mv /usr/ucb/rdist /usr/ucb/rdist.FCS
chmod 100 /usr/ucb/rdist.FCS

cp `arch -k`/rdist /usr/ucb/rdist
chmod 4751 /usr/ucb/rdist
chown root.staff /usr/ucb/rdist
