Patch-ID# 100383-07
Keywords: security rdist setuid client remote distfile
Synopsis: SunOS 4.1.3: rdist security
Date: Jul/23/96

Solaris Release: 1.1

SunOS Release: 4.1.3

Note: The fixes for 4.0.3, 4.1, 4.1.1, 4.1.2 and the 3x architecture
      from Patch 100383-06 may now be found in Patch 103822-01.

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
NOTE: sun4

BugId's fixed with this patch: 1258139 1069497 1074961 1059506

Changes incorporated in this version: 1258139

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Obsoleted by:

Problem Description:

1258139 rdist suffers from buffer overflow
1069497 user can gain root access using rdist
1074961 rdist can be used to create a setuid shell
1059506 rdist doesn't transfer hard linked files to different paths

INSTALL:

As root:

    mv /usr/ucb/rdist /usr/ucb/rdist.FCS
    chmod 100 /usr/ucb/rdist.FCS
    cp `arch -k`/rdist /usr/ucb/rdist
    chmod 4751 /usr/ucb/rdist
    chown root.staff /usr/ucb/rdist
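
Added example (not part of Sun's patch README): a POSIX shell check that the state left by the INSTALL steps is in place, namely the patched /usr/ucb/rdist at mode 4751 owned by root, and the retired rdist.FCS at mode 100 so that it no longer carries a setuid bit. The function names are hypothetical, and group ownership is not checked.

```shell
#!/bin/sh
# Added example: verify the file modes and owner that the INSTALL steps set.
# Function names are hypothetical; paths and modes are taken from the README.

# field_of FILE N -> Nth column of `ls -ld FILE` (1 = mode, 3 = owner)
field_of() {
    ls -ld "$1" 2>/dev/null | awk -v n="$2" '{ print $n }'
}

# mode_of FILE -> 10-character mode string (drops any ACL/label suffix)
mode_of() {
    field_of "$1" 1 | cut -c1-10
}

# expect WHAT FILE ACTUAL WANTED -> report, return 1 on mismatch
expect() {
    if [ "$3" = "$4" ]; then
        echo "ok    $2 $1 $3"
        return 0
    fi
    echo "FAIL  $2 $1 '${3:-missing}', expected '$4'"
    return 1
}

# check_rdist_install [DIR] [OWNER] -> 0 only if every check passes
check_rdist_install() {
    dir=${1:-/usr/ucb}
    owner=${2:-root}
    rc=0
    new_mode=`mode_of "$dir/rdist"`
    new_owner=`field_of "$dir/rdist" 3`
    old_mode=`mode_of "$dir/rdist.FCS"`
    # Patched binary: chmod 4751 = setuid, rwx owner, r-x group, --x other
    expect mode "$dir/rdist" "$new_mode" "-rwsr-x--x" || rc=1
    expect owner "$dir/rdist" "$new_owner" "$owner" || rc=1
    # Retired binary: chmod 100 = owner-execute only, setuid bit cleared
    expect mode "$dir/rdist.FCS" "$old_mode" "---x------" || rc=1
    # Group (staff) is not checked: its ls column differs between ls versions.
    return $rc
}

# Usage on a patched host: check_rdist_install /usr/ucb root
```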