Patch-ID# 107475-05 Keywords: security in.telnetd core dump zmodem Synopsis: SunOS 5.7: /usr/sbin/in.telnetd Patch Date: Apr/08/2003 Install Requirements: None Solaris Release: 7 SunOS Release: 5.7 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 107476 Topic: SunOS 5.7: /usr/sbin/in.telnetd Patch Relevant Architectures: sparc BugId's fixed with this patch: 4225958 4366956 4375449 4483514 4516876 4523990 4527873 4798177 Changes incorporated in this version: 4798177 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/sbin/in.telnetd Problem Description: 4798177 in.telnetd is vulnerable to denial of service via TESO (from 107475-04) 4483514 in.telnetd vulnerable to buffer overflow ?? 4523990 in.telnetd needs some cleanup 4527873 telnetd issues garbage before login prompt if BANNER in use (from 107475-03) 4516876 in.telnetd should not accept TTYPROMPT from remote (from 107475-02) 4366956 NLSPATH gettext introduces problems when used printf format specifier 4375449 dtmail crashes when calling catgets with NULL default message (from 107475-01) 4225958 in.telnetd core dumps Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Perform a reconfiguration boot after patch installation. NOTE : To get the complete fix for 4366956 (NLSPATH gettext introduces problems when used printf format specifier), we recommend installing the following patches: 106793-07 (or newer) /usr/lib/fs/ufs/ufsrestore 107972-02 (or newer) /usr/sbin/static/rcp 106541-15 (or newer) /usr/include/nl_types.h /usr/lib/libc.a /usr/lib/libc.so.1 /usr/lib/libp/libc.a /usr/lib/libp/sparcv9/libc.so.1 /usr/lib/sparcv9/libc.so.1 /usr/lib/pics/libc_pic.a /usr/lib/pics/sparcv9/libc_pic.a README -- Last modified date: Tuesday, April 8, 2003