Patch-ID# 103814-05 Keywords: security rdist buffer overflow lookup sprintf Synopsis: SunOS 5.4_x86: /usr/bin/rdist patch Date: Mar/12/2001 Solaris Release: 2.4_x86 SunOS Release: 5.4_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103813 Topic: SunOS 5.4_x86: /usr/bin/rdist patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 1258139 4072602 4119069 4128122 4284268 Changes incorporated in this version: Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/rdist Problem Description: Repatch with new backoutpatch (from 103814-04) 4284268 rdist fails to clear setuid as it claims (from 103814-03) 4119069 rdist security fixes break rdist 4128122 rdist dumps core (from 103814-02) 4072602 buffer overflow in rdist can be exploited to become root (from 103814-01) 1258139 *rdist* suffers from buffer overflow Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- NOTE: The fixes for bugs 4119069 & 4128122 also require the installation of the Kernel Update patch 101946-42 (or its newer version). README -- Last modified date: Monday, March 12, 2001