Patch-ID# 103824-04 Keywords: security rdist setuid buffer overflow Synopsis: SunOS 4.1.4: rdist security Date: Oct/16/98 Solaris Release: 1.1.2 SunOS Release: 4.1.4 Unbundled Product: Unbundled Release: Relevant Architectures: sun4(all) BugId's fixed with this patch: 1258139 4072602 4128122 Changes incorporated in this version: 4128122 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Obsoleted by: Files included with this patch: sun4/rdist sun4c/rdist sun4m/rdist Problem Description: 4128122 rdist dumps core 4072602 rdist buffer overflow may enable root exploit 1258139 rdist suffers from buffer overflow Installation Instructions: 1) As root, save the original rdist file: mv /usr/ucb/rdist /usr/ucb/rdist.FCS chmod 100 /usr/ucb/rdist.FCS 2) Copy the new rdist from the patch directory: cp `arch -k`/rdist /usr/ucb/rdist chmod 4751 /usr/ucb/rdist chown root.staff /usr/ucb/rdist