Patch-ID# 106794-07 Keywords: security buffer overflow ufsdump ufsrestore multivolume Synopsis: SunOS 5.7_x86: ufsdump and ufsrestore patch Date: Mar/26/2001 Solaris Release: 7_x86 SunOS Release: 5.7_x86 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 106793 Topic: SunOS 5.7_x86: ufsdump and ufsrestore patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 4077276 4132365 4145883 4169853 4184189 4232405 4232413 4240566 4297558 4302943 4339366 4366956 4375449 Changes incorporated in this version: 4366956 4375449 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/include/protocols/dumprestore.h /usr/lib/fs/ufs/ufsdump /usr/lib/fs/ufs/ufsrestore Problem Description: 4366956 NLSPATH gettext introduces problems when used printf format specifier 4375449 dtmail crashes when calling catgets with NULL default message (from 106794-06) 4339366 Security vulnerability in ufsrestore allows root compromise. 4132365 Security vulnerability on ufsdump and restore (additional rework) (from 106794-05) 4232413 ufsdump -W does function like it should after patch 105722-02 installed 4302943 ufsrestore doesn't handle ACLs correctly (from 106794-04) 4232405 DUMP: Unsupported condition detected: /dev/vx/rdsk/rootdg/vol01 4297558 ufsrestore(1M) gives error "xtrmap: too many map entries" (from 106794-03) 4240566 security: LC_MESSAGES buffer overflow (from 106794-02) 4132365 security vulnerability on ufsdump and restore (reworked) (from 106794-01) 4145883 ufsdump does not stop given no input for questions 4132365 Security vulnerability on ufsdump and restore in Solaris 2.6 & 7 4077276 multivolume ufsdump fails dumping to remote system via non-root login ID 4169853 Change in flags in an open system call causes 'ufsrestore rvf dumpfile' to fail 4184189 request CodeManager file generators for usr/src/cmd/backup Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-8 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: This patch disables the obsolete hmsdump and hmsrestore mode of operation. NOTE 2: To get the complete fix for 4240566 (security: LC_MESSAGES buffer overflow), we recommend installing the following patches: 106542-06 (or newer) kernel update 107973-01 (or newer) /usr/sbin/static/rcp patch NOTE 3: To get the complete fix for 4366956 (NLSPATH gettext introduces problems when used printf format specifier), we recommend installing the following patches: 107973-02 (or newer) /usr/sbin/static/rcp 107476-02 (or newer) /usr/sbin/in.telnetd 106542-15 (or newer) /usr/include/nl_types.h /usr/lib/libc.a /usr/lib/libc.so.1 /usr/lib/libp/libc.a /usr/lib/libp/sparcv9/libc.so.1 /usr/lib/sparcv9/libc.so.1 /usr/lib/pics/libc_pic.a /usr/lib/pics/sparcv9/libc_pic.a README -- Last modified date: Monday, March 26, 2001