PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT: SUN SECURITY PATCHES AND SOFTWARE UPDATES (AUTOMATED SYSTEM
SECURITY INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-XX).
1.  SUN MICROSYSTEMS HAS RELEASED INFORMATION REGARDING THE
AVAILABILITY OF NEW AND UPDATED SECURITY PATCHES FOR THE SUNOS
OPERATING SYSTEM.  SUN MICROSYSTEMS HAS ALSO ANNOUNCED THE
AVAILABILITY OF NEW VERSIONS OF ITS DECNET INTERFACE (DNI) AND PC-NFS
SOFTWARE PACKAGES THAT CORRECT SECURITY VULNERABILITIES OF PREVIOUS
RELEASES.  SUN SECURITY PATCHES ARE AVAILABLE THROUGH YOUR LOCAL SUN
ANSWER CENTER AND VIA ANONYMOUS FTP.  IN THE U.S., FTP TO FTP.UU.NET
AND RETRIEVE THE PATCHES FROM THE /SYSTEMS/SUN/SUN-DIST DIRECTORY. 
IN EUROPE, FTP TO MCSUN.EU.NET AND RETRIEVE THE PATCHES FROM THE
/SUN/FIXES DIRECTORY.  THE PATCHES ARE CONTAINED IN COMPRESSED
TARFILES NAMED [PATCH].TAR.Z. FOR EXAMPLE, IF YOU WISH TO OBTAIN
PATCH 100891-01, THE CORRESPONDING COMPRESSED TARFILE WOULD BE NAMED
100891-01.TAR.Z.  EACH COMPRESSED TARFILE HAS BEEN CHECKSUMMED USING
THE SUNOS "SUM" COMMAND.  AFTER RETRIEVING EACH PATCH, THE CHECKSUM
SHOULD BE RECOMPUTED AND COMPARED TO THOSE LISTED IN THIS BULLETIN. 
IF YOU FIND THAT THE CHECKSUM FOR A PATCH DIFFERS FROM THOSE LISTED
BELOW, PLEASE CONTACT SUN MICROSYSTEMS OR ASSIST FOR CONFIRMATION
BEFORE USING THE PATCH.  TO INSTALL THE PATCHES, FOLLOW THE
INSTRUCTIONS CONTAINED IN THE README FILES THAT ACCOMPANY EACH PATCH.
2.  THE FOLLOWING PATCHES ARE EITHER NEW SECURITY PATCHES OR NEW
VERSIONS OF EXISTING PATCHES THAT PROVIDE ADDITIONAL SECURITY
FEATURES OR SUPPORT ADDITIONAL SUN PLATFORMS.  ASSIST STRONGLY
RECOMMENDS THE INSTALLATION OF ALL APPLICABLE SECURITY PATCHES ON DOD
INTEREST COMPUTER SYSTEMS.
PATCH      CHECKSUM    SUNOS VERSIONS
-----      --------    --------------
100891-01  33195 3075  4.1.3
           LIBC REPLACEMENT - CORRECTS INSECURE HANDLING OF NETGROUPS
           AND FIXES A BUG IN XLOCK THAT COULD CAUSE IT TO CRASH AND
           LEAVE THE SYSTEM UNPROTECTED.
100884-01  03775 2610  5.1 (SOLARIS 2.1)
           CLOSES SECURITY VULNERABILITY WITH THE SRMMU WINDOW      
           HANDLER.
100833-02  49753 155   5.1 (SOLARIS 2.1)
           REQUIRED FOR USE OF SUN'S UNBUNDLED BASIC SECURITY MODULE
           (BSM) WITH SOLARIS 2.1.
100623-03  56063 141   4.1.2, 4.1.3
           UFS JUMBO PATCH - NON-RANDOM FILE HANDLES CAN BE GUESSED. 
           THIS PATCH SHOULD BE APPLIED AFTER THE MOST RECENT VERSION
           OF 100173.
100448-01  29285 5     4.1.1, 4.1.2, 4.1.3
           OPENWINDOWS 3.0 LOADMODULE PATCH - THIS RELEASE ADDS 
           SUPPORT FOR SUNOS 4.1.3.  SITES RUNNING SUNOS 4.1.1 OR 
           4.1.2 DO NOT NEED TO INSTALL THIS PATCH AGAIN IF IT WAS 
           PREVIOUSLY INSTALLED.
100305-11  38582 500   4.1, 4.1.1, 4.1.2, 4.1.3
           THIS PATCH FIXES INCORRECT USER ID CHECKING IN
           /USR/UCB/LPR.
100121-09  57589 360   4.1
           NFS JUMBO PATCH - THIS PATCH ADDS SUPPORT FOR SUN4E
           ARCHITECTURES.  OTHER ARCHITECTURES NEED NOT REINSTALL
           THE PATCH IF A PREVIOUS VERSION WAS INSTALLED.
3.  THE FOLLOWING SECURITY PATCHES HAVE BEEN UPDATED WITH
NON-SECURITY RELATED ENHANCEMENTS.  SYSTEMS WITH PREVIOUS VERSIONS OF
THESE PATCHES ALREADY INSTALLED DO NOT NEED TO INSTALL THE NEW
VERSIONS UNLESS THE ADDITIONAL NON-SECURITY RELATED ENHANCEMENTS ARE
DESIRED.
PATCH      CHECKSUM    SUNOS VERSIONS
-----      --------    --------------
100513-02  34315 483   4.1, 4.1.1, 4.1.2, 4.1.3
           JUMBO TTY PATCH - THIS RELEASE FIXES A TTY BUG THAT CAN
           CAUSE SYSTEM CRASHES.  PREVIOUS RELEASES CORRECTED A
           VULNERABILITY THAT ALLOWED CONSOLE INPUT AND OUTPUT
           TO BE REDIRECTED.
100482-04  06594 342   4.1, 4.1.1, 4.1.2, 4.1.3
           YPSERV AND YPXFRD SECURITY PATCH - CORRECTS INCORRECT
           DNS LOOKUP FAILURES WHEN A HOST IS UP BUT HAS NO
           NAMESERVER RUNNING.  PREVIOUS RELEASES OF THIS PATCH 
           CORRECTED A CONDITION THAT ALLOWED NIS TO DISTRIBUTE MAPS,
           INCLUDING THE PASSWORD MAP, TO ANYONE.  NOTE: THE 
           /VAR/YP/SECURENETS CONFIGURATION FILE CANNOT CONTAIN BLANK
           LINES.
100452-28  07299 1688  4.1, 4.1.1, 4.1.2, 4.1.3
           XVIEW 3.0 JUMBO PATCH - THIS RELEASE FIXES SEVERAL 
           OPENWINDOWS AND XVIEW BUGS, INCLUDING PROBLEMS WITH 
           MAILTOOL AND FILEMGR.  PREVIOUS RELEASES CORRECTED A
           PROBLEM WITH CMDTOOL THAT ALLOWED THE DISCLOSURE OF
           PASSWORDS.
100383-06  58984 121   4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3
           RDIST PATCH - THIS RELEASE ALLOWS /USR/UCB/RDIST TO 
           TRANSFER HARD LINKED FILES.  PREVIOUS RELEASES OF THIS 
           PATCH CORRECTED A BUG THAT ALLOWED USERS TO GAIN ROOT 
           ACCESS.
100224-06  57647 54    4.1.1, 4.1.2, 4.1.3
           /BIN/MAIL JUMBO PATCH - THIS RELEASE CORRECTS A PROBLEM
           THAT CAUSED /BIN/MAIL TO CRASH.  PREVIOUS RELEASES
           CORRECTED A PROBLEM THAT ALLOWED /BIN/MAIL TO BE USED TO 
           INVOKE A ROOT SHELL.
100173-10  48086 788   4.1.1, 4.1.2, 4.1.3
           NFS JUMBO PATCH - THIS RELEASE CORRECTS POOR NFS WRITE
           APPEND PERFORMANCE.  PREVIOUS VERSIONS OF THIS PATCH
           CORRECTED A BUG WITH THE HANDLING OF SETUID PROGRAMS
           COPIED TO NFS FILE SYSTEMS.
4.  VERSIONS OF SUN'S DNI PRODUCT PRIOR TO 7.0.1 ARE KNOWN TO HAVE
TWO SECURITY VULNERABILITIES:
- DNI_RC_INS CREATES AN RC SCRIPT WITH WORLD WRITABLE PERMISSIONS.
- FILES COPIED TO VAX/VMS SYSTEMS USING DNICP ARE ASSIGNED
  INCORRECT PERMISSIONS.  
TO CLOSE THE VULNERABILITIES, SUN RECOMMENDS THAT YOU UPGRADE TO DNI
VERSION 7.0.1.  SUN HAS DISTRIBUTED THE UPGRADE FREE OF CHARGE TO ALL
CUSTOMERS WITH A DNI SUPPORT CONTRACT.  THOSE CUSTOMERS NOT ON
SOFTWARE SUPPORT SHOULD OBTAIN THE UPGRADE THROUGH THEIR STANDARD SUN
SALES CHANNELS.
5.  THE PC-NFS PRINTING AND AUTHENTICATION DAEMON PCNFSD ALLOWS
UNAUTHORIZED ACCESS TO THE SYSTEM.  IT IS RECOMMENDED THAT SITES WITH
PCNFSD INSTALLED UPGRADE TO THE LATEST VERSION.  THE LATEST VERSION
OF PCNFSD MAY BE OBTAINED FREE OF CHARGE VIA ANONYMOUS FTP FROM
BCM.TMC.EDU IN THE /PCNFS DIRECTORY AND FROM SRC.DOC.IC.AC.UK IN THE
/PUB/SUN/PC-NFS DIRECTORY IN A FILE NAMED PCNFSD.93.02.16.TAR.Z.
6.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
PETE HAMMES, COMM (703) 696-1924/5/6 OR DSN 226-1924/5/6.  ASSIST CAN
BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE (800-
759-7243), PIN NUMBER 2133937.  WHEN CALLING THE PAGER SERVICE,
FOLLOW THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK
NUMBER AFTER THE PROMPT.  THE ASSIST DUTY OFFICER WILL CALL YOU BACK
WITHIN 30 MINUTES.  IF FASTER SERVICE IS REQUIRED, PREFIX YOUR
TELEPHONE NUMBER WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL
BACK WITHIN 5 MINUTES.  ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-
CERT(AT-SIGN)DDN-CONUS.DDN.MIL".
BT