Patch-ID# 101640-04 Keywords: security in.ftpd hole password logs Synopsis: SunOS 4.1.3: in.ftpd fixes Date: Jan/10/97 Solaris Release: 1.1 SunOS Release: 4.1.3 Unbundled Product: Unbundled Release: Relevant Architectures: sparc NOTE: sun4 (all) BugId's fixed with this patch: 4011498 1157926 Changes incorporated in this version: 4011498 Patches accumulated and obsoleted by this patch: 100865-03 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: in.ftpd Problem Description: 4011498 ftp fails with multiple accesses to the server 1157926 /usr/etc/in.ftpd -dl will log all user names and passwords to syslog. This is a security problem. Plain text copies of user passwords can be read from the console and/or log files. Patch Installation Instructions: 1. su root 2. cd 3. cp /usr/etc/in.ftpd /usr/etc/in.ftpd.FCS 4. cp `arch -k`/in.ftpd /usr/etc/in.ftpd