Patch-ID# 107454-06 Keywords: security ftp global timeout buffer overflow Synopsis: SunOS 5.7: /usr/bin/ftp patch Date: Feb/21/2003 Install Requirements: None Solaris Release: 7 SunOS Release: 5.7 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 107455 Topic: SunOS 5.7: /usr/bin/ftp patch Relevant Architectures: sparc BugId's fixed with this patch: 4112039 4138598 4193146 4197316 4294697 4621760 Changes incorporated in this version: 4621760 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/ftp Problem Description: 4621760 ftp debug output includes passwords in clear text form (from 107454-05) 4112039 ftp runique option causes mget to fail, incorrect file name generation on get (from 107454-04) 4294697 ftp doesn't work with long file names (from 107454-03) 4197316 buffer overflow in ftp (from 107454-02) 4193146 ftp client is too restrictive after fix for 4080226 Here's the description of bug 4080226 - a security bug where mget could be fooled to run a command by having a server serve up a filename containing a pipe character '|'). (from 107454-01) 4138598 ftp client needs global timeout mechanism; allow for the ftp client to timeout before TCP decides to close down. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None. README -- Last modified date: Friday, February 21, 2003