Sun Security Bulletins, Part 3: #00186-00189
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00186
Date: June 7, 1999
Cross-Ref:
Title: rpc.statd
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS IS." Sun
makes no warranties of any kind whatsoever with respect to the information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. IN NO
EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE, PROFIT OR
DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE
DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY ARISING OUT OF
THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS SECURITY
BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

If any of the above provisions are held to be in violation of applicable law,
void, or unenforceable in any jurisdiction, then such provisions are waived to
the extent necessary for this disclaimer to be otherwise enforceable in such
jurisdiction.
________________________________________________________________________________
1. Bulletin Topics

   Sun announces the release of patches for Solaris(tm) 2.6, 2.5.1, 2.5, 2.4,
   and 2.3 (SunOS(tm) 5.6, 5.5.1, 5.5, 5.4 and 5.3), which relate to a
   vulnerability involving rpc.statd.

   Sun recommends that you install the patches listed in section 4
   immediately on systems running SunOS 5.6, 5.5.1, 5.5, 5.4, and 5.3.
2. Who is Affected

   Vulnerable:      SunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5, 5.5_x86,
                    5.4, 5.4_x86, and 5.3.

   Not vulnerable:  All other supported versions of SunOS.
3. Understanding the Vulnerability

   rpc.statd is the NFS file-locking status monitor. It interacts with
   rpc.lockd to provide the crash and recovery functions for file locking
   across NFS. rpc.statd can be made to issue RPC calls to other RPC
   services on behalf of a remote caller. Because rpc.statd runs as root,
   such forwarded calls reach those services from a local, root-owned
   process, so a remote attacker can use rpc.statd to bypass the access
   controls that other RPC services would apply to a direct request.
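The indirect-call problem only matters on hosts where rpc.statd is actually registered and reachable, so the first practical step is an inventory of what the portmapper advertises. The script below is an added example and is not part of Sun's bulletin: it parses saved "rpcinfo -p" output and flags the status monitor (RPC program 100024), its partner lock manager (100021) and, for bulletin #00188 further down this page, rpc.cmsd (100068). The program numbers are the standard RPC assignments; the sample capture is constructed, in the column layout Solaris rpcinfo prints.

```shell
#!/bin/sh
# Added example, not from Sun's bulletin: report which of the RPC services
# discussed on this page a host registers with the portmapper, from saved
# "rpcinfo -p" output. Program numbers are the standard RPC assignments:
#   100024 status   (rpc.statd, bulletin #00186)
#   100021 nlockmgr (rpc.lockd, statd's partner)
#   100068 cmsd     (rpc.cmsd,  bulletin #00188)

# rpc_exposure_report FILE
#   FILE holds the output of "rpcinfo -p [host]". Prints one line per
#   registration of a service of interest; exit status 1 if any was
#   found, 0 if the host registers none of them.
rpc_exposure_report() {
    awk '
        BEGIN {
            name[100024] = "status (rpc.statd)"
            name[100021] = "nlockmgr (rpc.lockd)"
            name[100068] = "cmsd (rpc.cmsd)"
            found = 0
        }
        # rpcinfo -p columns: program vers proto port service; the header
        # line starts with the word "program" and so never matches.
        $1 ~ /^[0-9]+$/ && ($1 in name) {
            printf "%-22s v%s %s/%s\n", name[$1], $2, $3, $4
            found = 1
        }
        END { exit found }
    ' "$1"
}

# Constructed sample capture in the format "rpcinfo -p" prints on Solaris.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   udp    111  rpcbind
    100024    1   udp  32771  status
    100024    1   tcp  32772  status
    100021    1   udp   4045  nlockmgr
    100068    2   udp  32773  cmsd
    100068    5   udp  32773  cmsd
    100005    1   udp  32774  mountd
EOF
}

# Live use:  rpcinfo -p target > /tmp/rpc.txt && rpc_exposure_report /tmp/rpc.txt
# Exit status 1 means at least one of the services is reachable and the
# corresponding patch level should be verified.
```

Run it against a capture taken from the network side of the host, not only from the host itself: a service that is registered but filtered at a border device is a lower priority than one that answers from the Internet.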
4. List of Patches

   The following patches are available in relation to the above problem.

       OS Version        Patch ID
       __________        _________
       SunOS 5.6         106592-02
       SunOS 5.6_x86     106593-02
       SunOS 5.5.1       104166-04
       SunOS 5.5.1_x86   104167-04
       SunOS 5.5         103468-04
       SunOS 5.5_x86     103469-05
       SunOS 5.4         102769-07
       SunOS 5.4_x86     102770-07
       SunOS 5.3         102932-05
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers at:
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-patches
B. Checksums for the patches listed in this bulletin are available at:
ftp://sunsolve.sun.com/pub/patches/CHECKSUMS
C. Sun security bulletins are available at:
http://sunsolve.sun.com/pub-cgi/secBulletin.pl
D. Sun Security Coordination Team's PGP key is available at:
http://sunsolve.sun.com/pgpkey.txt
E. To report or inquire about a security problem with Sun software, contact
   one or more of the following:

       - Your local Sun answer centers
       - Your representative computer security response team, such as CERT
       - Sun Security Coordination Team. Send email to:
             security-alert@sun.com

F. To receive information or subscribe to our CWS (Customer Warning System)
   mailing list, send email to:

       security-alert@sun.com

   with a subject line (not body) containing one of the following commands:

       Command         Information Returned/Action Taken
       _______         _________________________________

       help            An explanation of how to get information

       key             Sun Security Coordination Team's PGP key

       list            A list of current security topics

       query [topic]   The email is treated as an inquiry and is forwarded to
                       the Security Coordination Team

       report [topic]  The email is treated as a security report and is
                       forwarded to the Security Coordination Team. Please
                       encrypt sensitive mail using Sun Security Coordination
                       Team's PGP key

       send topic      A short status summary or bulletin. For example, to
                       retrieve a Security Bulletin #00138, supply the
                       following in the subject line (not body):

                           send #138

       subscribe       Sender is added to our mailing list. To subscribe,
                       supply the following in the subject line (not body):

                           subscribe cws your-email-address

                       Note that your-email-address should be substituted
                       by your email address.

       unsubscribe     Sender is removed from the CWS mailing list.
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00187
Date: June 7, 1999
Cross-Ref:
Title: Version 8.8.8 Sendmail for SunOS(tm) 5.6 and 5.5.1
________________________________________________________________________________
(The disclaimer printed at the top of this page applies to this bulletin.)
________________________________________________________________________________
1. Bulletin Topics

   Sun announces the release of patches for Solaris(tm) 2.6 and 2.5.1
   (SunOS 5.6 and 5.5.1) containing Sun's implementation of version 8.8.8
   sendmail.

   Sun recommends that customers running SunOS 5.6 and 5.5.1 install the
   patches listed in section 4 to take advantage of the security
   enhancements found in version 8.8.8 sendmail.
2. Understanding What is Available

   sendmail is a mail transfer agent, Copyright (C) Eric Allman and the
   University of California, which is freely available. Their base version
   is commonly known as "Berkeley sendmail", as opposed to various vendors'
   versions of sendmail (including Sun's). SunOS 5.6 and 5.5.1 originally
   included version 8.6.9 of Berkeley sendmail, with Sun enhancements
   added.

   Various security-related improvements were made in version 8.8.8 of
   Berkeley sendmail, including improvements relating to email spam and
   mail bombs, and to email relaying. Sun's implementation of version 8.8.8
   sendmail includes enhancements to address subsequently identified
   security vulnerabilities, and support for the V1/Sun configuration files
   used by Sun's version of 8.6.9 sendmail.
3. Support for Sun's sendmail

   With this release of version 8.8.8 sendmail, Sun will stop support for
   version 8.6.9 sendmail for SunOS 5.6 and 5.5.1.
4. List of Patches

   Sun's implementation of version 8.8.8 sendmail is provided for SunOS 5.6
   and 5.5.1 via these patches:

       OS Version        Patch ID
       __________        _________
       SunOS 5.6         105395-05
       SunOS 5.6_x86     105396-05
       SunOS 5.5.1       103594-18
       SunOS 5.5.1_x86   103595-18
_______________________________________________________________________________
APPENDICES

The appendices A through F printed with bulletin #00186 above (patch and
checksum locations, bulletin archive, PGP key, reporting contacts and the
CWS mailing-list commands) apply unchanged to this bulletin.
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00188
Date: August 25, 1999
Cross-Ref: CERT CA-99-08
Title: rpc.cmsd
________________________________________________________________________________
(The disclaimer printed at the top of this page applies to this bulletin.)
________________________________________________________________________________
1. Bulletin Topics

   Sun announces the release of patches for Solaris(tm) 7, 2.6, 2.5.1, 2.5,
   2.4, 2.3 (SunOS(tm) 5.7, 5.6, 5.5.1, 5.5, 5.4, 5.3), SunOS 4.1.4, and
   4.1.3_U1, which relate to a vulnerability involving rpc.cmsd.

   Sun recommends that you:

     - Install the OpenWindows patches listed in section 4 immediately on
       systems running SunOS 5.5.1, 5.5, 5.4, 5.3, 4.1.4, and 4.1.3_U1.

     - Install the Common Desktop Environment (CDE) patches listed in
       section 4 immediately on systems running SunOS 5.7 and 5.6.

     - Install the CDE patches listed in section 4 immediately on systems
       running SunOS 5.5.1, 5.5, and 5.4 with CDE 1.0.2 or 1.0.1 installed.
2. Who is Affected

   Vulnerable:      SunOS 5.7, 5.7_x86, 5.6, 5.6_x86, 5.5.1, 5.5.1_x86,
                    5.5, 5.5_x86, 5.4, 5.4_x86, 5.3, 4.1.4, and 4.1.3_U1.

   Not vulnerable:  All other supported versions of SunOS.
3. Understanding the Vulnerability

   rpc.cmsd is a small database manager for appointment and
   resource-scheduling data. Its primary clients are Calendar Manager in
   OpenWindows and Calendar in CDE. A buffer overflow has been discovered
   in rpc.cmsd which may be exploited to execute arbitrary instructions and
   gain root access. Because rpc.cmsd is an RPC service registered with the
   portmapper, the overflow is reachable by any client that can send it RPC
   requests, so a host is exposed whether or not anyone uses the calendar.
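Where a CDE or OpenWindows patch cannot be applied at once, the usual interim measure is to stop rpc.cmsd from being started at all; on Solaris 2.x it is launched on demand by inetd from an entry in /etc/inetd.conf. The script below is an added example and is not part of Sun's bulletin: it comments out that entry in a copy of the file and verifies the result. It assumes the Solaris inetd.conf field layout (service, socket type, protocol, wait flag, user, server path, arguments) and a server path ending in /rpc.cmsd; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from Sun's bulletin: stop inetd from starting rpc.cmsd
# on a Solaris 2.x host that cannot take the CDE/OpenWindows patch yet.
# Assumed /etc/inetd.conf field layout (Solaris):
#   service socket-type protocol wait-flag user server-path server-args
# e.g.  100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
# OpenWindows-only hosts use /usr/openwin/bin/rpc.cmsd; both end in /rpc.cmsd.

# cmsd_active_entries FILE
#   Prints how many uncommented entries in FILE start a server whose path
#   (field 6) ends in /rpc.cmsd.
cmsd_active_entries() {
    awk '$0 !~ /^[[:space:]]*#/ && NF >= 6 && $6 ~ /\/rpc\.cmsd$/ { n++ }
         END { print n + 0 }' "$1"
}

# disable_cmsd_inetd FILE
#   Comments out every active rpc.cmsd entry in FILE, in place, leaving all
#   other lines byte-for-byte unchanged. Safe to run repeatedly: an entry
#   that is already commented is not touched again.
disable_cmsd_inetd() {
    awk '$0 !~ /^[[:space:]]*#/ && NF >= 6 && $6 ~ /\/rpc\.cmsd$/ { print "#" $0; next }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample inetd.conf excerpt for testing on a copy.
sample_inetd_conf() {
    cat <<'EOF'
# Internet services syntax:
#  <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
#100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
EOF
}

# Live use, as root, after backing up the file:
#   cp /etc/inetd.conf /etc/inetd.conf.orig
#   disable_cmsd_inetd /etc/inetd.conf
#   kill -HUP `ps -e | awk '$NF == "inetd" { print $1 }'`   # reread config
#   ps -e | awk '$NF == "rpc.cmsd" { print $1 }'            # kill any running copy
```

After editing the live file, inetd must be sent SIGHUP to reread its configuration, and any rpc.cmsd already started by an earlier request must be terminated separately, because inetd does not stop running servers. Calendar clients then lose their server, so this is a stopgap until the patch in section 4 is installed, at which point the entry can be restored from the backup.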
4. List of Patches

   The following patches are available in relation to the above problem.

   OpenWindows:

       SunOS version     Patch ID
       _____________     _________
       SunOS 5.5.1       104976-04
       SunOS 5.5.1_x86   105124-03
       SunOS 5.5         103251-09
       SunOS 5.5_x86     103273-07
       SunOS 5.4         102030-10
       SunOS 5.4_x86     102031-08
       SunOS 5.3         101513-14
       SunOS 4.1.4       100523-25
       SunOS 4.1.3_U1    100523-25

   CDE:

       SunOS versions                 CDE version   Patch ID
       ______________                 ___________   ________
       5.7                            1.3           107022-04
       5.7_x86                        1.3_x86       107023-04
       5.6                            1.2           105566-07
       5.6_x86                        1.2_x86       105567-08
       5.5.1, 5.5, 5.4                1.0.2         103670-07
       5.5.1_x86, 5.5_x86, 5.4_x86    1.0.2_x86     103717-08
       5.5, 5.4                       1.0.1         103671-07
       5.5_x86, 5.4_x86               1.0.1_x86     103718-08
_______________________________________________________________________________
APPENDICES

The appendices A through F printed with bulletin #00186 above (patch and
checksum locations, bulletin archive, PGP key, reporting contacts and the
CWS mailing-list commands) apply unchanged to this bulletin; the reporting
contact is now named "Your local Sun Solution Center".
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00189
Date: September 8, 1999
Cross-Ref:
Title: LC_MESSAGES
________________________________________________________________________________
(The disclaimer printed at the top of this page applies to this bulletin.)
________________________________________________________________________________
1. Bulletin Topics

   Sun announces the release of patches for Solaris(tm) 7 and 2.6 (SunOS(tm)
   5.7 and 5.6) which relate to a buffer overflow vulnerability involving
   the LC_MESSAGES environment variable.

   Sun recommends that you install the patches listed in section 4
   immediately on systems running SunOS 5.7 and 5.6.
2. Who is Affected

   Vulnerable:      SunOS 5.7, 5.7_x86, 5.6, 5.6_x86.

   Not vulnerable:  All other supported versions of SunOS.
3. Understanding the Vulnerability

   In libc, the LC_MESSAGES environment variable selects the locale used by
   the messaging functions. A buffer overflow exists in libc's handling of
   this variable. Because the variable is under the caller's control and
   libc is used by set-uid root programs, the overflow could be exploited
   to gain root access. The patches listed in this bulletin address both
   libc itself and the ufsrestore and rcp binaries, which are statically
   linked against libc and therefore carry their own copy of the vulnerable
   code; patching the shared libc alone does not fix them.
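The last point is the practical lesson of this bulletin: a fix to the shared libc does not reach programs that carry a static copy of it, which is why ufsrestore and rcp receive patches of their own. As an added check that is not from Sun's bulletin, the script below finds other set-uid or set-gid binaries on a host that are statically linked and would need the same treatment after any libc fix. It assumes the wording file(1) uses for such binaries ("statically linked"); the sample lines it is exercised against are constructed.

```shell
#!/bin/sh
# Added example, not from Sun's bulletin: a libc patch does not reach
# programs that link libc statically, which is why ufsrestore and rcp get
# separate patches above. This finds other set-uid/set-gid binaries on a
# host that carry their own static copy of libc.
# Assumption: file(1) describes such binaries with the phrase
# "statically linked", as Solaris and GNU file both do, e.g.
#   /usr/sbin/static/rcp: ELF 32-bit MSB executable SPARC Version 1, statically linked, stripped

# static_from_file_output
#   Reads file(1) output lines on stdin; prints the path (text before the
#   first ": ") of each statically linked executable, case-insensitively.
static_from_file_output() {
    awk -F': ' 'tolower($0) ~ /statically linked/ { print $1 }'
}

# audit_static_setuid ROOT
#   Walks ROOT without crossing filesystems, finds set-uid or set-gid
#   regular files and reports those that are statically linked. Run as
#   root; unreadable directories are skipped silently.
audit_static_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec file {} \; 2>/dev/null |
        static_from_file_output
}

# Live use:  audit_static_setuid /
# Each path printed needs a binary-specific patch (or a rebuild) in
# addition to the libc patch; a dynamically linked set-uid binary is fixed
# by the libc patch alone.
```

Keep the list as a baseline: after the libc patch is installed, every path it contains must be matched against a binary-specific patch such as the ufsrestore and rcp entries in section 4, or the host is still exploitable through that program.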
4. List of Patches

   The following patches are available in relation to the above problem.

       SunOS version   Component    Patch ID
       _____________   __________   _________
       5.7             libc         106541-07
       5.7             ufsrestore   106793-03
       5.7             rcp          107972-01
       5.7_x86         libc         106542-07
       5.7_x86         ufsrestore   106794-03
       5.7_x86         rcp          107973-01
       5.6             libc         105210-24
       5.6             ufsrestore   105722-03
       5.6             rcp          107991-01
       5.6_x86         libc         105211-22
       5.6_x86         ufsrestore   105723-03
       5.6_x86         rcp          107992-01
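Each of the four bulletins on this page lists its patches as ID-revision pairs, and a host is protected only if it carries at least the named revision. The script below is an added example and is not Sun's own tooling: it reads saved output of "showrev -p" (Solaris 2.x and 7; the SunOS 4.1.x systems in bulletin #00188 have no showrev -p and must be checked by other means) and compares the installed revision of each listed patch against the bulletin's requirement. The showrev line format and the sample output are assumptions, labelled as such in the code.

```shell
#!/bin/sh
# Added example, not from Sun's bulletins: verify a host carries at least
# the patch revision a bulletin names, from saved "showrev -p" output
# (Solaris 2.x and 7; SunOS 4.1.x has no showrev -p). Assumed line format:
#   Patch: 106541-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
# A bulletin patch ID is BASE-REV, e.g. 106541-07; a later revision of the
# same base supersedes an earlier one.

# installed_rev BASE FILE
#   Prints the highest installed revision of patch BASE in FILE (two
#   digits), or nothing if no revision of that patch is installed.
installed_rev() {
    awk -v base="$1" '
        BEGIN { best = 0 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && (p[2] + 0) > best) best = p[2] + 0
        }
        END { if (best > 0) printf "%02d\n", best }
    ' "$2"
}

# patch_satisfied REQUIRED FILE
#   REQUIRED is a bulletin patch ID. Prints a verdict and returns 0 when the
#   installed revision is at least the required one, 1 otherwise.
patch_satisfied() {
    base=${1%-*}
    need=${1#*-}
    have=$(installed_rev "$base" "$2")
    if [ -z "$have" ]; then
        echo "$1: MISSING"
        return 1
    elif [ "$have" -ge "$need" ]; then
        echo "$1: ok (installed $base-$have)"
        return 0
    else
        echo "$1: OUTDATED (installed $base-$have)"
        return 1
    fi
}

# check_patch_list FILE ID...
#   Checks each ID; the return value is the number of IDs not satisfied.
check_patch_list() {
    f=$1
    shift
    bad=0
    for id in "$@"; do
        patch_satisfied "$id" "$f" || bad=$((bad + 1))
    done
    return $bad
}

# Constructed sample "showrev -p" output for a Solaris 7 SPARC host.
sample_showrev() {
    cat <<'EOF'
Patch: 106541-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
Patch: 106541-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
Patch: 106793-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 107022-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdtbas
EOF
}

# Live use, with the Solaris 7 SPARC IDs from bulletin #00189:
#   showrev -p > /tmp/showrev.txt
#   check_patch_list /tmp/showrev.txt 106541-07 106793-03 107972-01
```

One caveat: showrev -p also prints an "Obsoletes:" field, and a later patch can obsolete one of the IDs listed here. This checker reports such a host as MISSING even though the fix is present, so a MISSING verdict should be confirmed against that field (or the patch README) before it is treated as an exposure.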
_______________________________________________________________________________
APPENDICES

The appendices A through F printed with bulletin #00186 above (patch and
checksum locations, bulletin archive, PGP key, reporting contacts and the
CWS mailing-list commands) apply unchanged to this bulletin; the reporting
contact is now named "Your local Sun Solution Center".
________________________________________________________________________________