Patch-ID# 101494-04 Keywords: security rdist remote directories overflow buffer Synopsis: SunOS 5.3: rdist patch Date: Oct/16/98 Solaris Release: 2.3 SunOS Release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: rdist patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. BugId's fixed with this patch: 1103223 1258139 4072602 4119069 4128122 Changes incorporated in this version: 4119069 4128122 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/rdist Problem Description: 4119069 rdist security fixes break rdist 4128122 rdist dumps core (from 101494-03) 4072602 buffer overflow in rdist can be exploited to become root (from 101494-02) 1258139 *rdist* suffers from buffer overflow (from 101494-01) 1103223 rdist -R is broken in Solaris 2.0 FCS When using the -R flag, rdist will not remove remote/slave directories that no longer exist on local/master system. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- NOTE 1: make sure to install new rdist as suid (4755) and owned by root. NOTE 2: The fixes for bugs 4119069 & 4128122 also require the installation of the Kernel Update patch 101318-86 (or its newer version).