Patch Name: PHNE_13619 Patch Description: s700_800 10.[23]0 remote network commands cumulative patch Creation Date: 98/07/28 Post Date: 98/12/02 Hardware Platforms - OS Releases: s700: 10.20 10.30 s800: 10.20 10.30 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_13619 Symptoms: PHNE_13619: rlogin * rlogin does not handle LANG environment variable properly. rlogind * rlogind does not handle long hostname. remsh * ER - remsh with stderr closed returns "fd = 2". * remsh does not handle LANG environment variable properly. remshd * remshd does not update login counters properly. * PHNE_12161: remshd and rexecd patch does not work with large UID/GIDs. * rexecd does not update trusted systems DB on good logins. rcp * rcp does not clear old errno value. * SR: RCP may show file as being there even if it ran out of disk space. * rcp does not check for proper parameters. * rcp does not handle LANG environment variable properly. rdist * rdist does not check for temporary files before creating them. * rdist does not set process resources properly. * rdist does not process distfile properly. * rdist fails if subdirectory exists that matches remote hostname. PHNE_12161: * The lockout feature of trusted systems does not work with rexec. PHNE_11728: * Certain signals cause rlogin to dump core. * Change in rlogind logging. Timeout login events no longer logged. PHNE_10638: * rlogin dies intermittently due to signal "SIGUSR1". PHNE_9787: * RCP on a NFS system displays the error message rcp : can't truncate....Permission denied with NFS. PHNE_9219: * RDIST allows copy of certain files without the required permission. PHNE_8889: * remsh/rexec do not force user to change expired password if it is null. PHNE_8807: * Environment variable TERM overflow in rlogin. * Time stamp of rlogind's log message for login failure is set to EST/EDT. * Connection closes when any child process of rlogind receives a SIGSTOP. PHNE_7920: * RDIST cannot transfer files greater than 2 Giga bytes. An enhancement request exists for RDIST to be able to handle files greater than 2 Giga bytes in size. * A bug was found in RDIST which can allow an unprivileged local user to gain unauthorized access. This patch fixes the bug. PHNE_7918: * RCP cannot transfer files greater than 2 Giga bytes. An enhancement request exists for RCP to be able to handle files greater than 2 Giga bytes in size. PHNE_6815: * Changed the default pathname to include /usr/local/bin and /usr/contrib/bin as per HP-UX 9.x. Defect Description: PHNE_13619: rlogin * rlogin does not handle LANG environment variable properly. rlogind * rlogind does not handle long hostname. remsh * ER - remsh with stderr closed returns "fd = 2". * remsh does not handle LANG environment variable properly. remshd * remshd does not update login counters properly. * With PHNE_12161 installed, remsh displays the error message "invalid id". * rexecd does not update trusted systems DB on good logins. rcp * rcp does not clear old errno value. * SR: RCP may show file as being there even if it ran out of disk space. * rcp does not check for proper parameters. * rcp does not handle LANG environment variable properly. rdist * rdist does not check for temporary files before creating them. * rdist does not set process resources properly. * rdist does not process distfile properly. * rdist fails if subdirectory exists that matches remote hostname. PHNE_12161: * On trusted systems, the bad login counter is not updated by rexecd on a login failure. As a result, the lockout feature of trusted systems does not work with rexec. PHNE_11728: * Certain signals are not trapped by rlogin and these cause rlogin to dump core. Now, rlogin exits gracefully on receiving these signals. * Change in rlogind logging. Timeout login events no longer logged. PHNE_10638: * rlogin dies intermittently because of SIGUSR1. This occurs because of some timing problems. PHNE_9787: * RCP on a NFS system fails with an error message. This is because a truncate is done before the permissions of the file is changed. PHNE_9219: * RDIST does not set the userid before certain file operations. PHNE_8889: * remshd/rexecd did not check for aging in the case of null passwords. PHNE_8807: * Environment variable TERM overflow in rlogin. * Time stamp of rlogind's log message for login failure is set to EST/EDT. * rlogind terminates when a SIGSTOP is issued to any of it's child processes. The daemon receives a SIGCHLD which causes rlogind to terminate. PHNE_7920: * The operating system did not support files greater than 2 Giga bytes. The 10.20 release has large file support built in. RDIST has been enhanced to provide large file support. In order for RDIST to interoperate correctly with existing versions of RDIST, patches will be released for 10.X to handle some interoperability issues. * RDIST creates an error message based on a user provided string without checking bounds on the buffer used. This buffer is on the stack, and can therefore be used to execute arbitrary instructions. PHNE_7918: * The operating system did not support files greater than 2 Giga bytes. The 10.20 release has large file support built in. RCP has been enhanced to provide large file support. In order for RCP to interoperate correctly with existing versions of RCP, patches will be released for 9.X and 10.X to handle some interoperability issues. PHNE_6815: * Pathname accidentally got changed. SR: 4701381525 1653188235 5003422279 5003403527 5003392761 1653257212 5003394536 1653234070 5003360909 5003314096 5003301994 5003371351 1653210096 1653206573 4701350389 4701320101 1653173971 5003352864 4701329367 4701340471 Patch Files: /usr/lbin/remshd /usr/lbin/rexecd /usr/lbin/rlogind /usr/bin/rlogin /usr/bin/remsh /usr/bin/rcp /usr/bin/rexec /usr/bin/rdist what(1) Output: /usr/lbin/remshd: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rshd.c 5.17.1.2 (Berkeley) 2/7/89 remshd.c $Revision: 1.34.212.11 $ /usr/lbin/rexecd: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rexecd.c 5.7 (Berkeley) 1/4/89 rexecd.c $Revision: 1.34.212.11 $ /usr/lbin/rlogind: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rlogind.c $Header: rlogind.c,v 1.17.212.24 98/07/15 23:47:14 hnt Exp $ rlogind.c 5.22.1.6 (Berkeley) 2/7/89 /usr/bin/rlogin: Copyright (c) 1983 The Regents of the University of California. rlogin.c $Revision: 1.35.212.10 $ $Date: 98/07/15 23 :33:25 $ /usr/bin/remsh: Copyright (c) 1983 The Regents of the University of California. remsh.c $Revision: 1.28.212.10 $ $Date: 98/07/15 22: 31:58 $ rsh.c 5.7 (Berkeley) 9/20/88 /usr/bin/rcp: Copyright (c) 1983 The Regents of the University of California. rcp.c $Revision: 1.16.212.22 $ $Date: 98/07/15 03:47 :47 $ rcp.c 5.20 (Berkeley) 5/23/89 /usr/bin/rexec: Copyright (c) 1983 The Regents of the University of California. remsh.c $Revision: 1.28.212.10 $ $Date: 98/07/15 22: 31:58 $ rsh.c 5.7 (Berkeley) 9/20/88 /usr/bin/rdist: $Revision: 1.1.212.3 Wed Jul 15 09:32:23 GMT 1998$ cksum(1) Output: 3186959992 24576 /usr/lbin/remshd 1271574308 24576 /usr/lbin/rexecd 1839286454 28672 /usr/lbin/rlogind 1909433317 24576 /usr/bin/rlogin 1712561782 16384 /usr/bin/remsh 4055884538 32768 /usr/bin/rcp 1712561782 16384 /usr/bin/rexec 3841204164 73728 /usr/bin/rdist Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_6815 PHNE_7918 PHNE_7920 PHNE_8807 PHNE_8889 PHNE_9219 PHNE_9787 PHNE_10638 PHNE_11728 PHNE_12161 Equivalent Patches: PHNE_13618: s700: 10.00 10.01 10.10 s800: 10.00 10.01 10.10 Patch Package Size: 300 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_13619 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_13619.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_13619.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_13619. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_13619.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_13619.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None