Patch-ID# 100272-07 Keywords: security, dump, in.comsat, in.talkd, shutdown, syslogd, 4.1.x, biff, mail Synopsis: SunOS 4.1.3: Security update for in.comsat. Date: Mar/16/94 Solaris Release: 1.1 SunOS Release: 4.1.3C 4.1.3 4.1.2 4.1.1 Unbundled Product: Unbundled Release: Relevant Architectures: sun3 sun3x sun4 sun4c sun4m BugId's fixed with this patch: 1140162 1048928 1035603 Changes incorporated in this version: 1140162 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 100593(-03+) 100909(-02+) 101480 101481 101482 Obsoleted by: 4.1.3_U1 Files included with this patch: in.comsat Problem Description: 1140162 Several programs, as originally shipped, could be exploited in an obscure way to gain root access. 1048928 (Patch 100272-06) The current in.comsat has a default 120-second idle time, which can cause many in.comsat daemons to be created in a very short time. This may cause the process table to be filled up. This patch changes in.comsat by recognizing an argument, maxidle, specified in seconds, to over-ride the default 120-second MAXIDLE time. 1035603 (Patch 100272-06) In.comsat daemon fails with 8-character login names, especially when one is logged in remotely. In.comsat core dumps in this case, and the user's mail is not biff'ed to the terminal. Patch Installation Instructions: 1) Login as root. 2) Make a backup copy of the old file (if you have installed any of the earlier patch revisions, you may wish to save under another name): mv /usr/etc/in.comsat /usr/etc/in.comsat.fcs 3) Change the permissions on the saved file to prevent its execution: chmod 400 /usr/etc/in.comsat.fcs 4) Copy in the patched file: cp `uname -m`/`uname -r`/in.comsat /usr/etc/in.comsat 5) Set ownership & permissions: chown root /usr/etc/in.comsat chgrp staff /usr/etc/in.comsat chmod 755 /usr/etc/in.comsat