Patch-ID# 102071-07
Keywords: security portmapper configurable listen backlog UDP port
Synopsis: SunOS 5.4_x86: usr/sbin/rpcbind patch
Date: Mar/30/2001

Solaris Release: 2.4_x86

SunOS Release: 5.4_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available on SPARC as patch 102070

Topic: SunOS 5.4_x86: usr/sbin/rpcbind patch

Relevant Architectures: i386

BugId's fixed with this patch: 1167600 4011058 4045357 4066019 4070261 4073327 4124715

Changes incorporated in this version: 4124715

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sbin/rpcbind

Problem Description:

4124715 Denial of Service in connection oriented Transports.

(from 102071-06)

4073327 rpcbind /tmp file security vulnerability

(from 102071-05)

4070261 predictable RPC XIDs when forwarding CALLIT RPCs

(from 102071-04)

4066019 security bug with indirect calls

(from 102071-03)

4045357 rpcbind listens to non-privileged UDP port other than port 111

(from 102071-02)

4011058 rpcbind should have a configurable listen(3N) backlog

(from 102071-01)

1167600 portmapper security hole has re-appeared in 5.4
        This fix closes some holes in rpcbind/portmapper that
        affected system security.

Patch Installation Instructions:
--------------------------------
Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------
NOTE : To get the complete fix for bug 4124715 (Denial of Service in
connection oriented Transports) we recommend installation of the
following patches (or newer):

        101974-38 (libnsl, ypbind & rpc.nisd)
        103707-03 (/usr/sbin/rpc.nisd_resolv)
        109549-01 (/usr/sbin/keyserv)
        102770-08 (/usr/lib/nfs/statd)
        102686-03 (/usr/lib/nfs/mountd)
        109551-01 (/usr/sbin/rpc.bootparamd)

README -- Last modified date: Friday, March 30, 2001