Patch-ID# 110667-01
Keywords: ENCRYPTION security international NAT FTP fragmentation configuration backup
Synopsis: SunScreen SPF-200 1.0: patch for miscellaneous fixes
Date: Jan/23/2001

******************************************************
The items made available through this website are subject to United States
export laws and may be subject to export and import laws of other countries.
You agree to strictly comply with all such laws and obtain licenses to export,
re-export, or import as may be required. Unless expressly authorized by the
United States Government to do so you will not, directly or indirectly, export
or re-export the items made available through this website, nor direct the
items therefrom, to any embargoed or restricted country identified in the
United States export laws, including but not limited to the Export
Administration Regulations (15 C.F.R. Parts 730-774).
******************************************************

Solaris Release:

SunOS Release:

Unbundled Product: SunScreen SPF-200

Unbundled Release: 1.0

Xref:

Topic:

Relevant Architectures:

BugId's fixed with this patch: 4079382 4101285 4168058 4168073 4171911 4174437 4193395 4207703 4347895 4347896 4347906 4398977

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 105047-21 or greater

Obsoleted by:

Files included with this patch:

/etc/init.d/sunscreen
/kernel/drv/screen
/opt/SUNWicg/SunScreen/bin/ss_active_config
/opt/SUNWicg/SunScreen/bin/ss_backup
/usr/kernel/misc/screen_dns
/usr/kernel/misc/screen_ftp
/usr/kernel/misc/screen_ip
/usr/kernel/misc/screen_ping
/usr/kernel/misc/screen_raudio
/usr/kernel/misc/screen_rsh
/kernel/strmod/efs
/kernel/strmod/spf
/opt/SUNWicg/SunScreen/bin/ss_traffic_stats
/opt/SUNWicg/SunScreen/support/screeninfo
/usr/kernel/drv/screen_skip
/usr/kernel/misc/screen_pmap
/usr/kernel/misc/screen_stateless
/usr/kernel/misc/screen_tcp
/usr/kernel/misc/screen_udp
SUNWicgEF
SUNWicgSP
SUNWicgSS

Problem Description:

4398977 - ftp state engine can't handle tcp option tstamp
4347906 - Protection against jolt2.c fragmentation attacks
4347895 - Protection against PASV FTP attacks
4347896 - File containing something that looks like FTP commands could be misinterpreted
4207703 - ss_traffic_stats displays negative numbers
4193395 - spf_backup does not save the SNMP trap receiver addresses
4174437 - prtdiag command fails with screeninfo on some systems
4171911 - SPF Screen active configuration lost (SUNWicgSS)
4168073 - screeninfo does not include ss_alerts
4168058 - screen_tcp num_hash_entries counter goes negative (SUNWicgSS)
4101285 - passive ftp fails intermittently when STATIC NAT used (SUNWicgSS)
4079382 - intranet pkts need to be dropped at the SPF filtering level

Patch Installation Instructions:
--------------------------------------------------------

Instructions to install patch on SunScreen SPF-200 Screen
---------------------------------------------------------

Reminder: The SunScreen SPF-200 CD-ROM must be in the Screen's CD-ROM drive,
as is usually the case.

1. On the Administration Station, run the following command:

   # ss_client ss_patch install < 110667-01.tar.Z

Instructions for identifying patches installed on system
--------------------------------------------------------

1. To identify the patch level on your SunScreen SPF-200 screen you must use
   this command:

   # ss_client packages > screen.pkginfo

   This shows (1) ls -lt /var/sadm/patch, (2) pkginfo -l, and (3) the contents
   of /var/log/patch.log.

   Or, if patch 105047-21 or later has already been installed, you can run the
   following command to list all patches which are currently installed on the
   screen:

   # ss_client ss_patch list

2. To identify the patch level on your SunScreen SPF-200 Administrative
   Workstation, execute the commands directly.

   % ls -lt /var/sadm/patch > admin.pkginfo
   % pkginfo -l >> admin.pkginfo

Instructions to backout patch on SunScreen SPF-200 Administration Station
-------------------------------------------------------------------------

1. Become root on the Admin Station.

2. Then type:

   # cd /var/sadm/patch
   # 110667-01/backoutpatch 110667-01

Instructions to backout patch on SunScreen SPF-200 Screen
---------------------------------------------------------

1. Become root on the Admin Station.

2. Then type:

   # ss_client ss_patch backout 110667-01

Special Install Instructions:
------------------------------------------------------------

******************************************************************************
IMPORTANT NOTE:

Prior to installing this patch, you must first install patch 105047-21 onto
both the Screen and Administration Station. Without 105047-21, this patch
cannot be installed.

If you are using SPF-200 1.0 Revision C, patch 105047-21 is available on the
cdrom, and should have automatically been loaded onto both the screen and
administration station at the time they were installed.

If you are running a release prior to Revision C, Patch 105047-21 is only
available on floppy disk. It can be ordered by contacting your Sun Solution
Center or other SunSoft authorized service provider (ASP) in the U.S.
******************************************************************************

README -- Last modified date: Thursday, February 8, 2001