#110061-22: SEAM 1.0.1_x86: patch for Solaris 8

SEAM 1.0.1_x86: patch for Solaris 8_x86

Status: RELEASED

Patch Id: 110061-22

***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Summary: SEAM 1.0.1_x86: patch for Solaris 8_x86

Date:  Jul/27/2007

Installation Requirements:

NA

Solaris Release: 8_x86

Sun OS Release: 5.8_x86

Unbundled Product: Solaris Enterprise Authentication Mechanism

Unbundled Release: 1.0.1

Xref: This patch available for SPARC as patch 110060

Topic:

Relevant Architecture: i386

BugId's fixed with this patch:

4310410 4310415 4310420 4311749 4313926 4338622 4346120 4346410 4348078 4390628 4418644 4451327 4484541 4491825 4493059 4509090 4524845 4615238 4632646 4634657 4806989 4836676 5054473 5077951 6209960 6248576 6327628 6529370 6538001 6562672

Changes incorporated in this version:


6562672 6538001

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Required Patches:

Obsoleted by:

Files Included in this Patch:

/usr/krb5/bin/ftp
/usr/krb5/bin/telnet
/usr/krb5/lib/ftpd
/usr/krb5/lib/krb5kdc
/usr/krb5/lib/libkadm5srv.so
/usr/krb5/lib/libkadm5srv.so.1
/usr/krb5/lib/libpty.so
/usr/krb5/lib/libpty.so.1
/usr/krb5/lib/login.krb5
/usr/krb5/lib/rlogind
/usr/krb5/lib/rshd
/usr/krb5/lib/telnetd
/usr/krb5/sbin/kdb5_util
usr/krb5/lib/kadmind

Problem Description:

6562672 [MITKRB5-SA-2007-005] kadmind vulnerable to buffer overflow
6538001 (CVE-2007-0957) KDC, kadmind stack overflow in krb5_klog_syslog
 
(from 110061-21)
 
6529370 [MITKRB5-SA-2007-001] SEAM telnetd (SUNWkr5sv) allows login as any user without a password
 
(from 110061-20)
 
        Skipped for revision number alignment.
 
(from 110061-19)
 
6327628 SEAM patches require patchpro metadata
 
(from 110061-18)
 
        This revision was built to address a patch packaging issue.
 
(from 110061-17)
 
6248576 SEAM telnet client needs solaris fix 6234932 (buffer overflow)
 
(from 110061-16)
 
5054473 kerberised telnet daemon ignores /etc/issue
5077951 /usr/krb5/lib/rlogind not cleaning out its environment properly when inetd is restarted by hand
 
(from 110061-15)
 
6209960 heap buffer overflow in libkadm5srv
 
(from 110061-14)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 110061-13)
 
4806989 kerberized telnet client does not handle "mode character" correctly
 
(from 110061-12)
 
4524845 forwardable flags are not set when telneting from a non-kerberos to a kerberos
4632646 kerberos telnetd uses login.krb5 which does not honor /etc/default/login
4390628 login.krb5 doesn't call PAM API in the correct order
4634657 login.krb5 coredumped
 
(from 110061-11)
 
4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)
4509090 SEAM telnetd gives away if a user exists or not
 
(from 110061-10)
 
4615238 login.krb5 contains buffer overflow
 
(from 110061-09)
 
4313926 kerberos rlogin/rsh/telnet/ftp sessions not audited
 
(from 110061-08)
 
4491825 ktelnet security problem when used with Solaris 8
 
(from 110061-07)
 
        This revision fixes omission of updated ftpd/telnetd in revision -04.
 
(from 110061-06)
 
        Skipped for revision number alignment.
 
(from 110061-05)
 
        Skipped for revision number alignment.
 
(from 110061-04)
 
4484541 krbv5 telnetd vunerable to buffer overflows
4493059 CR 4310420 fix needs some more work
 
(from 110061-03)
 
4418644 ftp server does not conform with rfc 2228
4451327 krb5 ftpd vulnerable to buffer overflows
4311749 SEAM 1.0 telnet core dumping when the KDC is Win2000 FCS
 
(from 110061-02)
 
4346410 Kerberos 5 telnetd creates many useless utmpx files
4348078 /var/krb5/kdc.log and /var/krb5/kadmin.log has permissions 0644
4346120 rlogin using kerberos takes too long
 
(from 110061-01)
 
4310415 kerberized rshd fails with non-root-accessible home directories
4310420 kerberized ftpd fails to chdir to non-root-accessible home directories
4310410 login.krb5 chdir to non-root-accessible home directories fails for rlogin/telnet

Revision History:

110061-12 110061-21 110061-16 110061-07 110061-14 110061-15 110061-08 110061-13 110061-11 110061-03 110061-18 110061-10

Patch Installation Instructions:

-------------------------------- 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:

----------------------------- 
 
NOTE 1:  To get the complete fix for bugid 4836676 (Bounds checks not in place
         for princs in krbv5), please also install the following patch:
 
         112238-08 (or greater)  mech_krb5.so.1 patch
 
         Although 110061-14 and 112238-08 do not have a hard requirement or
         dependency on each other, the complete resolution for bugid 4836676
         requires both patches.

README -- Last modified date:  Friday, July 27, 2007

Login Required

Login Required