Patch-ID# 106943-28 Keywords: security automountd nfsd rpc lookups initgroups libdbm Synopsis: SunOS 5.7_x86: libnsl, rpc.nisd and nis_cachemgr Patch Date: Aug/26/2003 Install Requirements: Additional instructions may be listed below Install in Single User Mode Reboot immediately after patch is installed Solaris Release: 7_x86 SunOS Release: 5.7_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 106942 Topic: SunOS 5.7_x86: libnsl, rpc.nisd and nis_cachemgr Patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 1226166 4055704 4055715 4055724 4055727 4124715 4152002 4157559 4161969 4162879 4165775 4186012 4202735 4216240 4222922 4232494 4233192 4239643 4240463 4240833 4246959 4280714 4283726 4295834 4296198 4302436 4302592 4305859 4318294 4326943 4327396 4336332 4354007 4374142 4394576 4428119 4430473 4455896 4471041 4668699 4680691 4690775 4691127 4692229 4710928 4767276 4828271 Changes incorporated in this version: 4828271 Patches accumulated and obsoleted by this patch: 107216-01 Patches which conflict with this patch: Patches required with this patch: 106542-13 or greater Obsoleted by: Files included with this patch: /etc/default/rpc.nisd /usr/include/rpc/rpc_com.h /usr/include/rpc/svc.h /usr/lib/libnisdb.a /usr/lib/libnisdb.so.2 /usr/lib/libnsl.a /usr/lib/libnsl.so.1 /usr/lib/nis/nisopaccess /usr/lib/nis/nisping /usr/sbin/nis_cachemgr /usr/sbin/rpc.nisd /usr/ucblib/libdbm.a /usr/ucblib/libdbm.so.1 Problem Description: 4828271 clnt_create()/clnt_create_timed() don't timeout with unexpected UDP. (from 106943-27) 4767276 rpcbind can be killed remotely (from 106943-26) 4668699 buffer overflow in dbm_open and dbminit (except the one in libc) (from 106943-25) 4710928 rpcbind exits with segv on both cluster node (from 106943-24) 4680691 doctored rpc calls over UDP can bring down machines through rpcbind (from 106943-23) 1226166 rpcbind does not bind with the correct network interface 4690775 nisplus_ldap_udt: rpcbind got killed and core dump during nisplus server setup (from 106943-22) 4691127 Possible type overflow in xdr_array 4692229 gethostbyname_r mt inconsistency of result asking 'dot IP notation' as name (from 106943-21) 4240833 RPC AUTH_DES credentials stays on stack. (from 106943-20) 4455896 rpc.nispasswdd failed: RPC: .... NIS+ fatal error: 15 (from 106943-19) 4471041 rpc.nisd should accept rpc records > 9K for non-blocking transfers 4394576 nisgrpadm intermittently fails to update NIS+ group (from 106943-18) 4430473 rpc.nisd: svc_getreqset: No transport handle for fd 291 (from 106943-17) 4283726 fsck hangs in phase 4 in getpwuid() call 4302436 getgrgid() hangs on large group lookups to NIS+ 4327396 nis_modify_entry(): deadlock in rpc_fd_lock() with MT nis table modification 4354007 xdrmem_putbytes and xdrmem_putlong emit a syslog error message when the buffer isn't long enough 4428119 106942-15 breaks TLI with EOVERFLOW on Solaris 7 (from 106943-16) 4374142 RPC services using RPC_SVC_MT_AUTO can stop listening (from 106943-15) 4336332 svc_getreqset (t_accept) returns illegal file descriptor in Solaris 7/8 (from 106943-14) 4280714 rpc.nisd hangs and consumes a lot of memory 4302592 TLI library is not fork-safe 4326943 Gets hundreds of __directory_object: Failed to lookup ... no such name (from 106943-13) 4318294 Operations on NIS+ master slow when bug fix 4165775 is introduced (from 106943-12) 4295834 NETPATH security problem in libnsl 4296198 NIS_OPTIONS sh vars (libnsl) security problem (from 106943-11) 4305859 libnsl bug can cause application core dump due to ill-formed remote address. (from 106943-10) 4232494 sendmail dumps core on autoclient machines running NISPLUS (from 106943-09) 4124715 Denial of Service in connection oriented transports. (from 106943-08) 4246959 rpc.nispasswdd leaks memory during normal use (from 106943-07) 4202735 mountd hangs on server when file descriptor cache associated with RPC connection expires. 4222922 mountd hangs waiting for nameservice because of deadlock within nis_handle() (from 106943-06) 4165775 replica servers may attempt to allocate huge amounts of memory. 4233192 NIS+ stops responding to UDP requests 4240463 checkpoint completes, but does not clear master's transaction log (from 106943-05) 4239643 rgmd servers core dump when running low on memory due to non-robust RPC (from 106943-04) 4055715 PSARC/1999/159 - NIS_PING not authenticated 4055704 PSARC/1999/159 - NIS_CALLBACK not authenticated 4055724 PSARC/1999/159 - NIS_CHECKPOINT not authenticated 4055727 PSARC/1999/159 - NIS_CPTIME not authenticated 4216240 nisd generates irrelevant messages "isn't a directory" (from 106943-03) 4186012 NIS+ replicas may lose synchronization with the NIS+ master (from 106943-02) 4162879 After the TTL value of directory cache expires the subdomain client. root object (from 106943-01) 4161969 passwd lookups via FOLLOW_LINK do not FOLLOW_PATH from linked table any further 4157559 automountd won't retry the Null call to nfsd in pingnfs() (from 107216-01) 4152002 NIS+ groups do not work in the Solaris 2.6 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Install patch in Single User Mode. Reboot the system after patch installation. NOTE 1: To get the complete fix for 4246959 (rpc.nispasswdd leaks memory during normal use) you also need to install the following patch: 108552-02 /usr/sbin/rpc.nispasswd patch NOTE 2: To get the complete fix for bug 4124715 (DENIAL OF SERVICE IN CONNECTION ORIENTED TRANSPORTS), one also needs to install the following patches: 106943-09 (or newer) libnsl & rpc.nisd 107478-03 (or newer) /usr/lib/nfs/mountd 108749-01 (or newer) /usr/lib/nfs/statd 108751-01 (or newer) /usr/lib/netsvc/yp/ypbind 108753-01 (or newer) /usr/lib/netsvc/yp/ypserv 108755-01 (or newer) /usr/lib/netsvc/yp/ypxfrd 108757-01 (or newer) /usr/lib/netsvc/yp/rpc.ypupdated 108759-01 (or newer) /usr/sbin/keyserv 108761-01 (or newer) /usr/sbin/rpcbind 108763-01 (or newer) /usr/sbin/rpc.nisd_resolv 108765-01 (or newer) /usr/sbin/rpc.bootparamd 108552-03 (or newer) /usr/sbin/rpc.nispasswdd NOTE 3: In order to obtain the complete fix for bugid 4691127 (Possible type overflow in xdr_array), Patch 108452-06 or newer must also be installed on your system. NOTE 4: In order to obtain the complete fix for bugid 1226166 (rpcbind does not bind with the correct network interface), Patch 108761-02 or newer must also be installed on your system. README -- Last modified date: Tuesday, August 26, 2003