Sun Security Bulletin No 2 Part
00181-00184
Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00181
Date: December 17, 1998
Cross-Ref:
Title: dtmail
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
The dtmail program is the mail user agent for the
Common Desktop
Environment (CDE). dtmail provides an intuitive,
easy-to-use user
interface for reading, sending, and managing electronic
mail.
Several buffer overflows have been found in dtmail
with regards to
its handling of attachments. A remote attacker may
exploit
these vulnerabilities to execute arbitrary instructions
with the
privileges of mail and that of the user reading
the email.
2. Affected Supported Versions
Solaris(tm) versions: 2.6, 2.6_x86, 2.5.1,
2.5.1_x86, 2.5, 2.5_x86,
2.4, and 2.4_x86 running CDE
3. Recommendations
Sun recommends that you install the respective patches
immediately on
affected systems.
CDE Version Patch ID
_________________ _________
1.2
105338-14
1.2_x86
105339-12
1.0.2
104178-03
1.0.2_x86
104185-03
1.0.1
106920-01
1.0.1_x86
106921-01
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
________________________________________________________________________________
Sun Microsystems,
Inc. Security Bulletin
Bulletin Number: #00182
Date: December 17, 1998
Cross-Ref:
Title: passwd
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
The passwd command changes passwords and password
attributes. A
vulnerability has been discovered in the passwd
utility which could
be exploited to create a denial of service.
2. Affected Supported Versions
Solaris(tm) versions: 2.6, 2.6_x86, 2.5.1,
2.5.1_x86, 2.5, 2.5_x86,
2.4, 2.4_x86 and 2.3
3. Recommendations
Sun recommends that you install the respective patches
immediately
on affected systems.
Operating System Patch ID
_________________ _________
Solaris 2.6
106271-04
Solaris 2.6_x86 106272-04
Solaris 2.5.1
104433-09
Solaris 2.5.1_x86 104434-08
Solaris 2.5
103178-09
Solaris 2.5_x86 103179-09
Solaris 2.4
101945-60
Solaris 2.4_x86 101946-53
Solaris 2.3
101318-91
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
________________________________________________________________________________
Sun Microsystems,
Inc. Security Bulletin
Bulletin Number: #00183
Date: February 10, 1999
Cross-Ref:
Title: sdtcm_convert
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
sdtcm_convert is a setuid-root calendar data conversion
utility which
converts version 3 (OpenWindows) calendar data format
to version 4
(extensible calendar data format), and vice versa.
A buffer overflow
has been discovered which may be exploited to gain
root access.
2. Affected Supported Versions
Solaris(tm) versions: 7, 7_x86, 2.6,
2.6_x86, 2.5.1, 2.5.1_x86, 2.5,
2.5_x86, 2.4 and 2.4_x86 running CDE
3. Recommendations
Sun recommends that you install the respective patches
immediately
on affected systems.
CDE Version Patch ID
___________ _________
1.3
107022-01
1.3_x86
107023-01
1.2
105566-06
1.2_x86
105567-07
1.0.2
103670-06
1.0.2_x86
103717-06
1.0.1
103671-06
1.0.1_x86
103718-06
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00184
Date: February 10, 1999
Cross-Ref:
Title: man/catman
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
The man command displays information from the reference
manuals. The
catman utility creates preformatted versions of
the on-line manuals.
Vulnerabilities have been discovered with these
commands that may be
exploited to overwrite arbitrary files when man
or catman is executed
by root.
2. Affected Supported Versions
Solaris(tm) versions: 7, 7_x86, 2.6,
2.6_x86, 2.5.1, 2.5.1_x86, 2.5,
2.5_x86, 2.4, 2.4_x86, and 2.3
SunOS(tm) versions: 4.1.4 and 4.1.3_U1
3. Recommendations
Sun recommends that you install the respective patches
immediately
on affected systems.
Operating System Patch ID
_________________ _________
Solaris 7
107038-01
Solaris 7_x86
107039-01
Solaris 2.6
106123-04
Solaris 2.6_x86 106124-04
Solaris 2.5.1
106905-01
Solaris 2.5.1_x86 106906-01
Solaris 2.5
106907-01
Solaris 2.5_x86 106908-01
Solaris 2.4
106912-01
Solaris 2.4_x86 106962-01
Solaris 2.3
106911-01
SunOS 4.1.4 107157-01
107144-01
SunOS 4.1.3_U1 107156-01
107143-01
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
<·µ»Ø> <ÉÏһƪ>