Patch-ID# 106601-01 Keywords: security international publickey on keyserv rpc.rexd librpcsvc.a Synopsis: SunOS 4.1.4: librpcsvc.a security fix Date: Aug/03/98 NOTE: ******************************************************************************* This patch contains the "international/standard" version of librpcsvc.a and may be given to any customer. This patch also includes new versions of those binaries (keyserv, on, rpc.rexd) which are statically linked to librpcsvc.a. ******************************************************************************* Solaris Release: 1.1.2 SunOS Release: 4.1.4 Unbundled Product: Unbundled Release: Relevant Architectures: sparc NOTE: sun4(all) BugId's fixed with this patch: 4155587 Changes incorporated in this version: Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: keyserv librpcsvc.a on rpc.rexd Problem Description: 4155587 SunOS 4.1.x getpublickey buffer overflow problem Patch Installation Instructions: 1) As root, make copies of the existing binary files: mv /usr/etc/keyserv /usr/etc/keyserv.fcs mv /usr/etc/rpc.rexd /usr/etc/rpc.rexd.fcs mv /bin/on /bin/on.fcs mv /usr/lib/librpcsvc.a /usr/lib/librpcsvc.a.fcs 2) Copy the new files from the patch directory: cp keyserv /usr/etc cp rpc.rexd /usr/etc cp on /bin cp librpcsvc.a /usr/lib ranlib /usr/lib/librpcsvc.a 3) Set permissions and ownership: chmod 755 /usr/etc/keyserv chown root.staff /usr/etc/keyserv chmod 755 /usr/etc/rpc.rexd chown root.staff /usr/etc/rpc.rexd chmod 755 /bin/on chown root.staff /bin/on chmod 644 /usr/lib/librpcsvc.a chown root.staff /usr/lib/librpcsvc.a 4) librpcsvc.a is a statically linked library. All customer applications which use this library must be rebuilt (relinked) after the new librpcsvc.a is installed in order to realize the security fix.