Patch-ID# 103187-49
Keywords: security y2000 libnsl rpc.nisd nis_cachemgr bootparam automountd
Synopsis: SunOS 5.5: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch
Date: Jun/19/2001

Solaris Release: 2.5

SunOS Release: 5.5

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 103188

Topic: SunOS 5.5: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch
        NOTE: Refer to Special Install Instructions Section for IMPORTANT
              specific information on this patch.

Relevant Architectures: sparc

BugId's fixed with this patch:
1160090 1189481 1211172 1212974 1213016 1216036 1219671 1221809
1223323 1223326 1223383 1224057 1225430 1228254 1229805 1230570
1232010 1232758 1233625 1234558 1234630 1235042 1235501 1235867
1236423 1236442 1238038 1240224 1242395 1242968 1244872 1244917
1245451 1246630 1246864 1247052 1248090 1249373 1249903 1255623
1258916 1259200 1262462 1262666 1264708 1265785 4005483 4005686
4011495 4016724 4022240 4022299 4025665 4028300 4029971 4030045
4045229 4045268 4045522 4050818 4057606 4057738 4067374 4080264
4085394 4095455 4102420 4105997 4118037 4124715 4135388 4139126
4165597 4175558 4184623 4190645 4295834 4296198 4305859 4366956
4375449

Changes incorporated in this version: 4366956 4375449

Patches accumulated and obsoleted by this patch: 103048-04 103060-05 103066-01 103230-05

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/include/nl_types.h
/usr/include/rpc/rpc_com.h
/usr/include/rpc/svc.h
/usr/lib/autofs/automountd
/usr/lib/fn/fn_ctx_onc_fn_nisplus_root.so.1
/usr/lib/fs/autofs/automount
/usr/lib/libc.a
/usr/lib/libc.so
/usr/lib/libc.so.1
/usr/lib/libintl.a
/usr/lib/libintl.so.1
/usr/lib/libnsl.a
/usr/lib/libnsl.so.1
/usr/lib/libp/libc.a
/usr/lib/pics/libc_pic.a
/usr/sbin/in.telnetd
/usr/sbin/nis_cachemgr
/usr/sbin/rpc.nisd
/usr/sbin/static/rcp

Problem Description:

4366956 NLSPATH gettext introduces problems when used printf format specifier
4375449 dtmail crashes when calling catgets with NULL default message

(from 103187-48)

README corrections

(from 103187-47)

4057738 temporary filename security exploits

(from 103187-46)

4295834 NETPATH security problem in libnsl
4296198 NIS_OPTIONS sh vars (libnsl) security problem

(from 103187-45)

4305859 libnsl bug can cause application core dump due to ill-formed remote address

(from 103187-44)

4124715 Denial of Service in connection oriented Transports.

(from 103187-43)

4184623 broken date in GMT timezone, displays as BST with TZ=GB-Eire

(from 103187-42)

4175558 TZ=GMT0BST-1,M3.5.0/2:00,M10.5.0/2:00 breaks 6 times from now to 2037
4190645 Y2000 problem in libc in function posixgetdst

(from 103187-41)

4102420 segv's and libthread panics when numerous pthread_cancel()'s are run

(from 103187-40)

4165597 getdate should allow dates before 1970 - Backport of 4050856 & 4036732

(from 103187-39)

4139126 libnsl buffer overflows
4067374 localtime(0) error

(from 103187-38)

4135388 rpc.nisd buffer overflow

(from 103187-37)

4085394 TCP connections to rpcbind remain established if client is halted.

(from 103187-36)

4118037 getgrent_r() hangs if nis is not up and libthread is linked in.

(from 103187-35)

4105997 Y2000 tm_test01 fails with current S2.5.1 strptime()

(from 103187-34)

4095455 automounter security problem

(from 103187-33)

4045229 strptime and getdate year calculation not count century; strptime range checks
4050818 getdate %C (century) should use current year offset if year offset not given

(from 103187-32)

1189481 automountd caches old ip address of nfs server and never refreshes

(from 103187-31)

4080264 ypbind.pid file not created for diskless clients
1234558 nm /usr/lib/libc.so gives core dump at _coll_strcoll()

(from 103187-30)

4022240 Informix processes hang with corrupt TLI endpoint state

(from 103187-29)

1225430 ypbind can get requests before it is ready for them

(from 103187-28)

4045268 nis_cachemgr does not verify authenticity of objects
4057606 Out of domain NIS+ lookups don't work after applying fix for 4045268

(from 103187-27)

4022299 syslogd.pid file deadlock prevents syslogd from starting

(from 103187-26)

1262462 create, delete, recreate of user account in NIS+ disruptive to NIS+ server
4030045 strxfrm with LC_CTYPE == "de and LC_COLLATE == "de" causes bus error
4045229 strptime and getdate year calculation not count century; strptime range checks
4045522 need to complete the fix of 1219295

(from 103187-25)

1236442 When mounting from an SGI box with -vers=2 it mounts using NFS version 3

(from 103187-24)

4025665 nisping -Ca broken by fix to bugid#4005483
4011495 'zoneinfo' summertime/wintertime (Southern hemisphere) switchover anomaly
        Various geographic regions in the Southern hemisphere report a
        daylight savings time switchover problem in conjunction with the
        'zoneinfo' database feeding 'localtime(3)'.

(from 103187-23)

4029971 getopt security problem. This fix for 4029971 requires the static
        version of rcp to be included in the patch.

(from 103187-22)

4029971 getopt security problem

(from 103187-21)

1223323 No bounds checking on NIS_GROUP environment variable
1247052 nis_dumplog_r translates all failures into NIS_RPCERROR

(from 103187-20)

1212974 Bogus bootparam packet makes rpcbind stop working

(from 103187-19)

4016724 nis_cptime failure in nisd causes unreliable update propagation

(from 103187-18)

4005483 replica doing full resync too frequently
1232758 finddirectory calls fails when there are too many replicas

(from 103187-17)

4005686 strncmp() accesses memory locations beyond it is supposed to
1223326 possible memory leak in "rpc.nisd"

(from 103187-16)

1249373 Application file descriptors are being closed without applications knowledge

(from 103187-15)

1230570 nisplus strips leading spaces before doing lookup.

(from 103187-14)

1259200 no more syslog from rpc.nisd after the fix for 1244917 in T101318-80

(from 103187-13)

1248090 getwd very slow over nfs to 4.1.3 server

(from 103187-12)

1249903 rpc.nisd hung in nis_list_svc on getmsg in _rcv_conn_con

(from 103187-11)

1264708 get segmt fault on malloc with getcwd, chdir and opendir over PATH_MAX
1245451 bug in syslogd failing to log messages every 12-48 hours of operation
1242968 A 2.3 multi-threaded application binary crashes on 2.5

(from 103187-10)

1265785 fwrite regression from 2.4 to 2.5, 2.5.1

(from 103187-09)

1262666 nscd client backend, getxby_door, has buffer overflows

(from 103187-08)

1255623 getdate() fails on 1st of month with julian date

(from 103187-07)

1244917 syslog(3) does not correctly cache the file descriptor that it writes on

(from 103187-06)

1246864 Multithreaded C++ program using strptime() causes bus error when 'new' used.

(from 103187-05)

1219671 Memory is given free which was never allocated before.

(from 103187-04)

1235867 line buffered stdio loses data and/or hangs in 2.5

(from 103187-03)

1240224 chroot: Can't use openlog(3), syslog(3) and closelog(3)

(from 103187-02)

1235042 nscd library code nukes filedescriptor if its fd is closed by application

(from 103187-01)

1238038 iconv_close returns wrong data type
1229805 popen assumes maximum number of file descriptors is 256

(from 103060-05)

1258916 nis_cachemgr causing other many processes to hang in semop

(from 103060-04)

1213016 User looses access to secondary groups if nisplus root master is not up

(from 103060-03)

1246630 nisd can potentially hang if it gets a SIGCHLD/SIGHUP on an established callback

(from 103060-02)

1244872 nis_cachemgr can deadlock when servers are unavailable

(from 103060-01)

1160090 nis_cachemgr should delete expired dir objects only if they can be refreshed

(from 103230-05)

1242395 NIS+ TTLs for objects not correct on 2.4 slave replicas and 2.3 slave/clients.

(from 103230-04)

1232010 retransmit time, 15 seconds, for NIS+ UDP queries is too long

(from 103230-03)

1234630 Client side RPC handle caching and server side fd leaks needs a general solution
1223383 NIS+ clients should always try to bind to servers on the local subnet first

(from 103230-02)

1221809 absence of user public key caching makes NIS+ inter-domain lookups unreliable

(from 103230-01)

1235501 checkpointing can crash nisd if non-existent replica is in transaction log
1216036 NIS+ client library does not retransmit RPC call to rpcbind on NIS+ servers

(from 103066-01)

1224057 rpc.nisd hangs in write(2)

(from 103048-04)

4028300 automounter security hole

(from 103048-03)

1228254 autofs cannot mount replicated NFS via CacheFS
1236423 indirect hierarchical automount maps cache at 2.5 instead of lofs

(from 103048-02)

1233625 automount retry option does not work in 2.5

(from 103048-01)

1211172 Automountd fails to unmount lofs file system

Patch Installation Instructions:
--------------------------------

Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------

WARNING: A side effect of the fix for bug 1235867 causes Fortran 90
Version 1.1 programs to Segmentation Fault if they write to a terminal
or other line buffered device (bug 1260474). There are two ways of
fixing this:

    1) upgrading to Fortran 90 Version 1.2
       -OR-
    2) installing patch 103219-06 (or its newer rev) and rebuilding
       the f90 application.

Workaround for programs that only output to the terminal: redirect or
pipe the output. For example --

    program | cat

NOTE 1: To get the complete fix for bugid 1225430 (YPBIND CAN GET
REQUESTS BEFORE IT IS READY FOR THEM), one also needs to install the
ypbind patch (105169-01 or newer).

NOTE 2: To get the complete fix for bugid 4080264 (YPBIND.PID FILE NOT
CREATED FOR DISKLESS CLIENTS), one also needs to install the ypbind
patch (105169-02 or newer).

NOTE 3: To get the complete fix for bugid 4102420 (SEGV's AND LIBTHREAD
PANICS WHEN NUMEROUS pthread_cancel()'s ARE RUN), one also needs to
install the KU patch (103093-25 or newer).

NOTE 4: To get the complete fix for bug 4124715 (DENIAL OF SERVICE IN
CONNECTION ORIENTED TRANSPORTS), one also needs to install the
following patches:

    104223-03 (or newer)  /usr/lib/nfs/mountd patch
    103468-05 (or newer)  /usr/lib/nfs/statd patch
    105169-03 (or newer)  /usr/lib/netsvc/yp/ypbind patch
    104357-07 (or newer)  /usr/sbin/rpcbind patch
    103708-03 (or newer)  /usr/sbin/rpc.nisd_resolv patch
    104000-02 (or newer)  /usr/sbin/rpc.nispasswdd patch
    108647-01 (or newer)  /usr/sbin/keyserv patch
    108649-01 (or newer)  /usr/sbin/rpc.bootparamd patch

NOTE 5: To get the complete fix for 4366956 (NLSPATH gettext introduces
problems when used printf format specifier), we recommend installing
the following patches:

    104410-05 (or newer)  /sbin/su patch
    103261-08 (or newer)  /usr/lib/fs/ufs/ufsrestore patch

Reboot the system after patch installation.

README -- Last modified date: Tuesday, June 19, 2001
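
NOTE 4 above makes the fix for bug 4124715 depend on eight companion patches at minimum revisions. The script below is an added example, not part of the original README: it checks those minimums against `showrev -p` output. The function names and the sample patch listing are constructed for illustration.

```shell
# Added example: check the patch levels NOTE 4 lists for bug 4124715.
# 103187-44 is where the Problem Description places 4124715 in this patch.
REQUIRED="103187-44 104223-03 103468-05 105169-03 104357-07
          103708-03 104000-02 108647-01 108649-01"

# highest_rev BASE: from `showrev -p` output on stdin, print the highest
# installed revision of patch BASE (prints nothing if not installed).
highest_rev() {
    awk -v base="$1" '$1 == "Patch:" {
            split($2, id, "-")
            if (id[1] == base && (!found || id[2] + 0 > max + 0)) { max = id[2]; found = 1 }
        }
        END { if (found) print max }'
}

# check_patches: report each required patch from `showrev -p` output on
# stdin; return 1 if any is missing or below its minimum revision.
check_patches() {
    data=$(cat); rc=0
    for want in $REQUIRED; do
        base=${want%-*}; min=${want#*-}
        have=$(printf '%s\n' "$data" | highest_rev "$base")
        if [ -z "$have" ]; then
            echo "MISSING $base (need -$min or newer)"; rc=1
        elif [ "${have#0}" -lt "${min#0}" ]; then
            echo "TOO-OLD $base-$have (need -$min or newer)"; rc=1
        else
            echo "OK      $base-$have"
        fi
    done
    return $rc
}

# Constructed sample in `showrev -p` layout (not from a real host):
# the rpcbind patch is one revision short and the keyserv patch is absent.
sample_showrev() {
    cat <<'EOF'
Patch: 103187-49 Obsoletes: 103048-04, 103060-05, 103066-01, 103230-05 Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 104223-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 103468-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 105169-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWnisu
Patch: 104357-06 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 103708-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWnisu
Patch: 104000-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWnisu
Patch: 108649-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF
}
sample_showrev | check_patches || echo "fix for 4124715 is incomplete"
```

On a live host, run `showrev -p | check_patches`. A companion patch that has since been superseded under a different patch ID is reported as MISSING and needs a manual look at the Obsoletes fields.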