Patch-ID# 100909-03 Keywords: security, dump, in.comsat, in.talkd, shutdown, syslogd, write, 4.1.x Synopsis: SunOS 4.1.1;4.1.2;4.1.3: Security update for syslogd. Date: Aug/08/94 Solaris Release: 1.1 SunOS Release: 4.1.3C 4.1.3 4.1.2 4.1.1 Unbundled Product: Unbundled Release: Relevant Architectures: sparc NOTE: sun3 sun3x sun4 sun4c sun4m BugId's fixed with this patch: 1133861 1109291 Changes incorporated in this version: 1133861 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: >100272-07 >100593-03 101480 101481 101482 NOTE:100272(-07+) 100593(-03+) 101480 101481 101482 Obsoleted by: NOTE:4.1.3_U1 Files included with this patch: syslogd Problem Description: (Patch 100909-03 is a merely a repackaging of 100909-02 to make the patch smaller and simpler. There is no change in functionality.) 1133861 (Patch 100909-02) Syslog, as originally shipped, could be exploited in an obscure way to gain root access. 1109291 (Patch 100909-01) When syslog messages show up and these messages are similar from various machines, they get confusing because one is not sure which machine sent the message. Patch Installation Instructions: 1) Login as root. 2) Make a backup copy of the old file (if you have installed the original patch, you may wish to save under another name): mv /usr/etc/syslogd /usr/etc/syslogd.fcs 3) Change the permissions on the saved file to prevent its execution: chmod 400 /usr/etc/syslogd.fcs 4) Copy in the patched file: cp `arch`/`uname -r`/syslogd /usr/etc/syslogd 5) Set ownership & permissions: chown root /usr/etc/syslogd chgrp staff /usr/etc/syslogd chmod 755 /usr/etc/syslogd