2 - Sun Microsystems, Inc. SunOS 4.x and Solaris 2.x (Security Patches)


Description

This article is from the Security Patches FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.

Patches may be obtained via anonymous ftp from
ftp.uu.net:/systems/sun/sun-dist or from local Sun Answer Centers worldwide.
Sun makes lists of recommended patches (including security patches)
available to customers with support contracts via its Answer Centers and the
SunSolve service. The lists are uploaded on an informal basis to the
ftp.uu.net patch repository maintained by Sun for other customers, and
posted periodically on the comp.security.unix newsgroup.

Patches are also available via anonymous ftp from
sunsolve1.sun.com:/pub/patches and
online.sunsolve.sun.co.uk:/pub/patches/

Check out the SunSolve web page at http://online.sunsolve.sun.co.uk/

Below is a list of security patches that should be installed. Use Sun's own
patch list for the authoritative answer. If you see any discrepancies,
please notify Christopher Klaus (cklaus@iss.net).

100075-12 rpc.lockd jumbo patch for SunOS 4.1.3
101817-01 rpc.lockd jumbo patch for SunOS 4.1.x, x<3 (same as 10075-11).
100103-11 script to change file permissions to a more secure mode
100170-10 jumbo-patch ld-1.144 shared LD_LIBRARY_PATH -Bstatic SPARCworks
100173-09 NFS Jumbo Patch
100178-08 netd "broken server detection" breaks on fast machines
100249-09 automounter jumbo patch
100272-07 security hole in utmp writable
100283-03 in.routed mishandles gateways, multiple routes
100296-04 rpc.mountd exports to the world
100305-14 lpr package
100338-05 system crashes with assertion failed panic (may be obsolete)
100342-03 NIS client needs long recovery time if server reboots
100359-06 streams jumbo patch
100383-06 rdist can be used to get root access
100421-03 rpc.rexd does not log appropriate accounting messages
100448-01 loadmodule
100482-04 ypxfrd exporting NIS maps to everybody
100507-04 tmpfs jumbo patch
100527-03 rsh uses old-style selects instead of 4.0 selects
100536-02 NFS can cause panic: assertion failed crashes
100557-02 ftp Jumbo patch
100564-07 C2 Jumbo patch
100567-04 mfree panic due to mbuf being freed twice
100593-03 security hole in utmp writable
100623-03 UFS jumbo patch
100909-02 security hole in utmp writable
101480-01 security hole in utmp writable
101481-01 security hole in utmp writable
101482-01 security hole in utmp writable
102060-01 Fixes the passwd -F hole.
101436-08 Fix for /bin/mail

Solaris 2.2 Recommended Patches:

100982-03 SunOS 5.2: fixes for kernel/fs/fifofs
100992-03 SunOS 5.2: streams related panics involving local transport
100999-71 SunOS 5.2: kernel jumbo patch
101014-05 SunOS 5.2: fixes for usr/lib/libsocket
101022-06 SunOS 5.2: NIS/NIS+ jumbo patches
101025-14 SunOS 5.2: Jumbo patch fixes for lp system
101031-02 SunOS 5.2: file descriptor limit is too low on inetd
101090-01 SunOS 5.2: fixes security hole in expreserve
101096-02 SunOS 5.2: fixes for rpcbind
101109-04 SunOS 5.2: fixes problems with ldterm, ptm, pts
101122-07 SunOS 5.2: fixes for the packaging utilities
101301-03 SunOS 5.2: security bug & tar fixes
101348-01 SunOS 5.2: system hangs due to mblk memory leak

Solaris 2.3 Recommended Patches:

101317-11 SunOS 5.3: lp jumbo patch
101318-59 SunOS 5.3: Jumbo patch for kernel (includes libc, lockd)
101327-08 SunOS 5.3: security and miscellaneous tar fixes
101331-05 SunOS 5.3: fixes for package utilities
101344-11 SunOS 5.3: Jumbo NFS patch security
101347-02 SunOS 5.3: fixes for ttcompat
101615-02 SunOS 5.3: miscellaneous utmp fixes
101631-02 SunOS 5.3: kd and ms fixes
101712-01 SunOS 5.3: uucleanup isn't careful enough when sending mail
102034-01 SunOS 5.3: portmapper security hole
101889-03 OpenWindows 3.3: filemgr forked executable ff.core has a se

Solaris 2.4 Recommended Patches:

101945-13 SunOS 5.4: jumbo patch for kernel
101959-02 SunOS 5.4: lp jumbo patch
101981-01 SunOS 5.4: SECURITY: su can display root password in the co
102007-01 SunOS 5.4: vnode v_count is not maintained correctly
102044-01 SunOS 5.4: bug in mouse code makes "break root" attack poss
102070-01 SunOS 5.4: Bugfix for rpcbind/portmapper
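Checking a host against the Solaris lists above by hand is error-prone, so here is an added example (not part of the original FAQ) in POSIX sh: it takes FAQ-style "ID-REV description" lines and the output of `showrev -p`, and reports each listed patch that is absent or installed at an older revision. The `showrev -p` lines below are constructed for the example; SunOS 4.x has no patch database of this kind, so the script applies to the Solaris 2.x sections only.

```shell
#!/bin/sh
# Added example (not from the FAQ): report required patches that are missing
# or older than the listed revision on a Solaris 2.x host.
# REQUIRED holds FAQ-style lines ("ID-REV description"); INSTALLED holds the
# output of `showrev -p`. Both samples below are constructed; on a real host
# use INSTALLED=$(showrev -p) and paste the FAQ section for your release.

REQUIRED='101945-13 SunOS 5.4: jumbo patch for kernel
101959-02 SunOS 5.4: lp jumbo patch
101981-01 SunOS 5.4: SECURITY: su can display root password
102070-01 SunOS 5.4: Bugfix for rpcbind/portmapper'

# Constructed showrev -p output: kernel patch at an older revision, lp and su
# patches current, rpcbind patch absent.
INSTALLED='Patch: 101945-10 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr, SUNWcsu
Patch: 101959-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWpsr
Patch: 101981-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

# Highest installed revision of patch id $1 in showrev output $2 (empty if none).
installed_rev() {
    printf '%s\n' "$2" | sed -n "s/^Patch: $1-\([0-9]*\) .*/\1/p" | sort -n | tail -n 1
}

# Print one line per gap ("ID-REV missing" or "ID-REV installed=N (older)").
# Return status is the number of gaps, so 0 means every listed patch is current.
check_patches() {
    req_list=$1 inst_list=$2 gaps=0
    while read -r line; do
        set -- $line                 # $1 is now "ID-REV"
        [ -z "$1" ] && continue
        id=${1%-*} req=${1#*-}
        have=$(installed_rev "$id" "$inst_list")
        if [ -z "$have" ]; then
            echo "$id-$req missing"; gaps=$((gaps + 1))
        elif [ "$have" -lt "$req" ]; then
            echo "$id-$req installed=$have (older)"; gaps=$((gaps + 1))
        fi
    done <<EOF
$req_list
EOF
    return $gaps
}

check_patches "$REQUIRED" "$INSTALLED" || echo "$? patch gap(s) found"
```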

Sendmail patches are important; see the Sendmail section of this FAQ.

Turn off IP forwarding in the SunOS kernel with adb on /vmunix and /dev/kmem:

echo "ip_forwarding/W 0" | adb -w /vmunix /dev/kmem

To turn off forwarding of source-routed packets on Solaris 2.x, edit
/etc/rc.2.d/S69.inet so that it sets

ndd -set /dev/ip ip_forwarding 0
ndd -set /dev/ip ip_forward_src_routed 0

and then reboot.

Source routing patch for SunOs 4.1.x
ftp.greatcircle.com:/pub/firewalls/digest/v03.n153.Z

To secure a Sun console at the PROM level:
(for desktop SPARC models)

$su
#eeprom security-mode=command
Password:
Retype password:
#

(for other models)

$su
#eeprom secure=command
Password:
Retype password:
#

This puts the PROM into secure command mode, so the password is required before PROM commands can be entered.

Remove the suid bit from crash and devinfo. Both are known to be exploitable on
some Sun systems and are rarely used.

The following is a package of patches for SunOS from the Australian group SERT:
ftp.sert.edu.au:/security/sert/tools/MegaPatch.1.7.tar.Z
