Patch-ID# 103813-03 Keywords: security rdist buffer overflow lookup sprintf Synopsis: SunOS 5.4: /usr/bin/rdist patch Date: Oct/16/1998 ***************************************************************** This patch 103813-03 was re-instated on July 20, 2001 due to 103813-05 being BADPATCHed: Reason for 103813-05 being BADPATCHed: After installing patch 103813-05, it will corrupt the system's patch DB. As a result, patch 103070-02, if installed, will no longer be reconized by the system as an installed patch. If you have installed 103813-05, please remove it from your system and reintall 103070-02 and 103813-03 in sequence. ******************************************************************* Solaris Release: 2.4 SunOS Release: 5.4 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 103814 Topic: SunOS 5.4: /usr/bin/rdist patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: sparc BugId's fixed with this patch: 1258139 4072602 4119069 4128122 Changes incorporated in this version: 4119069 4128122 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/rdist Problem Description: 4119069 rdist security fixes break rdist 4128122 rdist dumps core (from 103813-02) 4072602 buffer overflow in rdist can be expoloited to become root (from 103813-01) 1258139 *rdist* suffers from buffer overflow Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic ''installpatch'' and ''backoutpatch'' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- NOTE: The fixes for bugs 4119069 & 4128122 also require the installation of the Kernel Update patch 101945-48 (or its newer version). README -- Last modified date: Monday, July 23, 2001