OBSOLETE Patch-ID# 111607-07


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security ftpd memory gavsiz s_isgid preserve dos
Synopsis: Obsoleted by: 111607-08 SunOS 5.8_x86: /usr/sbin/in.ftpd patch
Date: Jun/25/2007


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 111606

Topic: SunOS 5.8_x86: /usr/sbin/in.ftpd patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
424454414990375
427947815002127
439216315045595
443698815059971
444575515060664
444660015060939
445152415062303
445270515062745
471453415114845
475815115127072
510853115229644


Changes incorporated in this version: 4279478

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 109008-24 (or greater)

Obsoleted by:

Files included with this patch:

/usr/sbin/in.ftpd

Problem Description:

4279478 in.ftpd does not generate an audit record when the ftp session completes
 
(from 111607-06)
 
4392163 some ftp clients expose in.ftpd EPRT bug
 
(from 111607-05)
 
5108531 CVE-1999-0079 multiple PASV allow multiple port bound causes running out of port
 
(from 111607-04)
 
4758151 /usr/sbin/in.ftpd does not properly implement PAM
 
(from 111607-03)
 
4714534 FTP server connect retry DOS vulnerability
 
(from 111607-02)
 
4244544 in.ftpd doesn't preserve S_ISGID bit on directories
 
(from 111607-01)
 
4436988 security: Globbing problem in in.ftpd
4446600 ftpd memory leaks
4445755 ftpd glob can still use a lot of memory and CPU
4451524 in.ftpd cores
4452705 GAVSIZ definition needs to stay in glob.c


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
None.


README -- Last modified date: Friday, November 9, 2012