Advisories : New Patch for SunOS /usr/lib/lpd

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : New Patch for SunOS /usr/lib/lpd

Title:	New Patch for SunOS /usr/lib/lpd
Released by:	CERT
Date:	12th September 1991
Printable version:	Click here

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



===========================================================================

CA-91:10a

Last Revised:  September 18,1997

                Attached copyright statement



                       CERT Advisory

                              September 12, 1991

               REVISION NOTICE: New Patch for SunOS /usr/lib/lpd



- ---------------------------------------------------------------------------



                 *** THIS IS A REVISED CERT ADVISORY ***

                    *** CONTAINS NEW INFORMATION ***



There were a number of problems with various early versions of Sun

Microsystems, Inc. (Sun) /usr/lib/lpd patch ( Patch ID 100305-xx ).  

While security problems were fixed in the patches, a remote print

spooling problem was introduced.  Sun believes all the problems have 

been fixed and they are now releasing the enclosed information 

concerning a new patch version.  They have given the CERT/CC permission 

to distribute this information.



The Computer Emergency Response Team/Coordination Center (CERT/CC) 

recommends that all affected sites follow the information provided 

by Sun Microsystems in this bulletin.



- ---------------------------------------------------------------------------

START OF SUN-SUPPLIED INFORMATION

===========================================================================





SUN MICROSYSTEMS SECURITY BULLETIN:



This information is only to be used for the purpose of alerting

customers to problems. Any other use or re-broadcast of this 

information without the express written consent of Sun Microsystems

shall be prohibited.





Sun expressly disclaims all liability for any misuse of this information

by any third party.

- ---------------------------------------------------------------------------





This is more an update on the lpd fix than any new information.



First the update.



After a lengthy beta test cycle, there is now available a new version

of the lpd security fix.  The patch-ID# is 100305-06.



This patch is available via anonymous ftp from the ftp.uu.net system in the

sun-dist directory as 100305-06.tar.Z, or through your local Sun Answer 

Center.  The checksum information for the file available from ftp.uu.net is:



                24474   440   100305-06.tar.Z



- --------------------------------------------------------------------------



Some history.



An lpd bug was discovered where lpd could be used to remove system files

(/etc/passwd or /.rhosts as examples). This bug was fixed with 100305-01.



A second bug was also shown that could still be used to remove system files.

This fix was rolled into 100305-02.



An lpc problem that touched one of the same modules as in the lpd fix was fixed

and the subsequent change rolled into the lpd patch 100305-03.



Two additional problems were sent to Sun: one having to do with RPC calls to

lpd and the second having to do with postscript calls to lpd, thus 100305-04.



It was in creating the -04 version that we unknowingly introduced a remote

spool problem on the SunOS 4.1.1 version of the patch. The problem was that

if the remote queue had jobs in it, the local job sent was often truncated

to zero length.



The -05 version was an attempt to back out the last few changes to remove the

remote print problem.  Unfortunately, it did not.  It was at this time that

we decided to do a lengthy evaluation and test cycle to ensure that the newest

version fixed all the reported problems as well as fixed the remote

spool bug we had introduced.



The 100305-06 patch is the result of that lengthy test cycle.



Thank you all for your support through all this.



Brad Powell

Software Security Coordinator

Sun Microsystems.



===========================================================================

END OF SUN-SUPPLIED INFORMATION

- ---------------------------------------------------------------------------



If you believe that your system has been compromised, contact CERT/CC via

telephone or e-mail.



Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890



Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline:

           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,

           on call for emergencies during other hours.



Past advisories and other computer security related information are available

for anonymous ftp from the cert.org (192.88.209.5) system.



- --------------------------------------------------------------------------





Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.



CERT is registered in the U.S. Patent and Trademark Office.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Revision History



September 18,1997  Attached Copyright Statement





-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA/AwUBOBS9IFr9kb5qlZHQEQK7dQCcCN94mZlb1amLhe8+/2VCIF9LVTsAn3pr

1uc/MXKvrujVa3km8A0Gl85c

=lZDx

-----END PGP SIGNATURE-----