Patch Name: PHNE_22059

Patch Description: s700_800 10.24 (VVOS) telnetd, ftp and ftpd cumulative

Creation Date: 00/10/10

Post Date: 00/10/13

Hardware Platforms - OS Releases:
    s700: 10.24
    s800: 10.24

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-RUN
    InternetSrvcs.INETSVCS-INETD
    InternetSrvcs.INET-ENG-A-MAN
    OS-Core.UX-CORE
    OS-Core.CORE-ENG-A-MAN
    VirtualVaultOS.VVOS-AUX-IA

Automatic Reboot?: Yes

Status: General Superseded

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHNE_22059

Symptoms:
    PHNE_22059:
    Port base HP-UX patch PHNE_22057:

    Based on HP-UX patch PHNE_22057:
    1. CR JAGad12040/SR 8606142685.
       ftpd does not function properly.
    2. CR JAGaa27007/SR 8606160774
       ls command fails in an anonymous ftp session.

    Based on HP-UX patch PHNE_17963:
    1. Implement passive mode in 10.20 ftp client.
    2. Suppress the printing of machine name in the ftpd banner.
    3. 'ftp' client does not work properly.

    PHNE_15802:
    Repackaged part of HP-UX patch PHNE_13597 for VVOS.

    Based on a portion of HP-UX patch PHNE_13597:
    * ftp: problem with passing files.
    * FTP Newer command does not work as documented if file does
      not exist.
    * FTP: don't get error message if filesystem gets full.
    * Proxy Get command not working.
    * ftpd does not allow ports under 1024 even with -p option.
    * FTP giving error 425:Can't create data socket.
    * have inbound/outbound transfer logging in ftpd.
    * FTP Newer command has problem handling dates.

    PHNE_12984:
    Users cannot telnet or ftp to a VVOS system.

    Based on HP-UX patch PHNE_10010:
    A ftp client could interrupt a data transfer by sending a
    data close and an ABORT. A timing problem has been observed
    on the ftpd side.

    Based on HP-UX patch PHNE_9785:
    * ftpd returns a 550 after an NLST when the file is not found.
    * Privileged ports cannot be specified as a part of the PORT
      command.
    * An error message "You've GOT to be joking" is displayed when
      a client specifies a privileged port as a data-port.
    * The command modtime displays incorrect date and time for
      some dates.

Defect Description:
    PHNE_22059:
    Port base patch PHNE_22057:

    Based on PHNE_22057:
    1. CR JAGad12040/SR 8606142685.
       ftpd does not function properly.
    2. CR JAGaa27007/SR 8606160774
       ls command fails in an anonymous ftp session.

    Based on PHNE_17963:
    1. Implement passive mode in 10.20 ftp client.
    2. Suppress the printing of machine name in the ftpd banner.
    3. 'ftp' client does not work properly.

    PHNE_15802:
    Repackaged part of HP-UX patch PHNE_13597 for VVOS.

    Based on a portion of HP-UX patch PHNE_13597:
    * ftp: problem with passing files.
    * FTP Newer command does not work as documented if file does
      not exist.
    * FTP: don't get error message if filesystem gets full.
    * Proxy Get command not working.
    * ftpd does not allow ports under 1024 even with -p option.
    * FTP giving error 425:Can't create data socket.
    * have inbound/outbound transfer logging in ftpd.
    * FTP Newer command has problem handling dates.

    PHNE_12984:
    Single-level telnetd and ftpd has been added to the VVOS
    supported feature set. Installation of this patch makes the
    system capable of providing server side services, to the
    inside network, for telnet and ftp sessions. The patch will
    allow users from the inside network to telnet and/or ftp into
    a VirtualVault machine. Please refer to the special
    installation instructions on how to enable these services.

    Based on HP-UX patch PHNE_10010:
    ftpd has been fixed to handle a simultaneous data close and
    ABORT appropriately.

    Based on HP-UX patch PHNE_9785:
    * ftpd returns a 550 after a NLST when a file is not found.
      The return code was changed to 450 per RFC 959.
    * An option "-p" has been added. The PORT command can now
      specify a privileged port as a data-port if this option is
      set.
    * The error message "You've GOT to be joking" has been
      replaced by "Port command failure".
    * The command modtime now behaves correctly.

SR:
    8606142685 8606160774 5003424218 1653296475 4701409938
    4701373696 5003369611 1653245845 5003386581 1653245852
    1653254193 1653232942 4701346098 5003343970 5003344846
    5003322867 4701372359 4701334763 8606147747 1653245845

Patch Files:
    /etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb
    /sbin/init.d/inetd
    /usr/bin/login
    /usr/bin/ftp
    /usr/lbin/telnetd
    /usr/lbin/ftpd
    /usr/lbin/net_daemons/telnetd
    /usr/lbin/net_daemons/ftpd
    /usr/share/man/man1m.Z/ftpd.1m
    /usr/share/man/man1m.Z/telnetd.1m
    /usr/share/man/man1.Z/login.1

what(1) Output:
    /etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb:
        $Revision: Hewlett-Packard ISSL 1.1 etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb, files_etc, vvos_davis, davis163 $ $Date: 97/10/29 16:52:02 $
        etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb, files_etc, vvos_davis, davis163 $Date: 00/10/03 14:17:19 $ $Revision: 1.1 PATCH_10.24 (PHNE_12984) $
    /sbin/init.d/inetd:
        $Revision: Hewlett-Packard ISSL 1.13 services/INETSVCS/scripts/inetd, hpuxinitscripts, vvos_davis, davis163 $ $Date: 97/10/30 09:20:28 $
    /usr/bin/login:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
        $Header: Hewlett-Packard ISSL Release vvos_davis $ $Date: Tue Oct 3 14:20:16 EDT 2000 $
        $Revision: 78.6 $
        $Source: cmd/login.c, hpuxcmdcntl, vvos_davis, davis163 $ $Date: 00/10/03 14:12:47 $ $Revision: 1.23 PATCH_10.24 (PHNE_12984) $
        $Source: cmd/login_sec.c, cmdhooks, vvos_davis, davis163 $ $Date: 00/10/03 14:12:49 $ $Revision: 1.30 PATCH_10.24 (PHNE_12984) $
    /usr/bin/ftp:
        Copyright (c) 1985, 1989 Regents of the University of California.
        main.c based on 5.13 (Berkeley) 3/14/89 Revision 1.1.212.3 Wed Jul 14 10:27:17 GMT 1999
        cmds.c 5.18 (Berkeley) 4/20/89
        cmdtab.c 5.9 (Berkeley) 3/21/89
        ftp.c 5.28 (Berkeley) 4/20/89
        glob.c 5.7 (Berkeley) 12/14/88
        ruserpass.c 5.1 (Berkeley) 3/1/89
        domacro.c 1.6 (Berkeley) 2/28/89
    /usr/lbin/telnetd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
        $Header: Hewlett-Packard ISSL Release vvos_davis $ $Date: Tue Oct 3 14:20:16 EDT 2000 $
        $Source: services/INETSVCS/telnetd/telnetd_wrapper.c, hpuxcmdnet, vvos_davis, davis163 $ $Date: 00/10/03 14:17:19 $ $Revision: 1.3 PATCH_10.24 (PHNE_12984) $
    /usr/lbin/ftpd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
        $Header: Hewlett-Packard ISSL Release vvos_davis $ $Date: Tue Oct 3 14:20:16 EDT 2000 $
        $Source: services/INETSVCS/ftpd/ftpd_wrapper.c, hpuxcmdnet, vvos_davis, davis163 $ $Date: 00/10/03 14:17:19 $ $Revision: 1.4 PATCH_10.24 (PHNE_12984) $
    /usr/lbin/net_daemons/telnetd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
        $Header: Hewlett-Packard ISSL Release vvos_davis $ $Date: Tue Oct 3 14:20:16 EDT 2000 $
        Copyright (c) 1983, 1986 Regents of the University of California.
        $Source: services/INETSVCS/telnetd/telnetd.c, hpuxcmdnet, vvos_davis, davis163 $ $Date: 00/10/03 14:14:07 $ $Revision: 1.21.1.4 PATCH_10.24 (PHNE_12984) $
        telnetd.c $Revision: 1.27.212.8 $ $Date: 96/05/06 14:39:32 $
        telnetd.c 5.31 (Berkeley) 2/23/89
    /usr/lbin/net_daemons/ftpd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
        $Header: Hewlett-Packard ISSL Release vvos_davis $ $Date: Tue Oct 3 14:20:16 EDT 2000 $
        Copyright (c) 1985, 1988 Regents of the University of California.
        $Source: services/INETSVCS/ftpd/ftpd.c, hpuxcmdnet, vvos_davis, davis164 $ $Date: 00/10/03 14:19:04 $ $Revision: 1.19.1.13 PATCH_10.24 (PHNE_22059) $
        ftpd.c based on 5.28 (Berkeley) 4/20/89 Revision 1.7.212.1 Mon Oct 9 18:16:00 GMT 2000
        ftpcmd.y 5.20 (Berkeley) 2/28/89
        $Source: services/INETSVCS/ftpd/glob.c, hpuxcmdnet, vvos_davis, davis163 $ $Date: 00/10/03 14:13:53 $ $Revision: 1.4.1.4 PATCH_10.24 (PHNE_12984) $
        glob.c 5.7 (Berkeley) 12/14/88
        popen.c 5.7 (Berkeley) 2/14/89
        $Source: services/INETSVCS/ftpd/ftpd_sec.c, cmdhooks, vvos_davis, davis163 $ $Date: 00/10/03 14:14:08 $ $Revision: 1.5.1.7 PATCH_10.24 (PHNE_12984) $
        logwtmp.c 5.2 (Berkeley) 9/22/88
    /usr/share/man/man1m.Z/ftpd.1m:
        None
    /usr/share/man/man1m.Z/telnetd.1m:
        None
    /usr/share/man/man1.Z/login.1:
        None

cksum(1) Output:
    1866249673 1561 /etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb
    3626450694 1574 /sbin/init.d/inetd
    2515427120 61440 /usr/bin/login
    4105651290 98304 /usr/bin/ftp
    4051409526 12288 /usr/lbin/telnetd
    1613291931 12288 /usr/lbin/ftpd
    1387456499 45056 /usr/lbin/net_daemons/telnetd
    410637994 86016 /usr/lbin/net_daemons/ftpd
    1146013999 8673 /usr/share/man/man1m.Z/ftpd.1m
    2422361752 5224 /usr/share/man/man1m.Z/telnetd.1m
    1128670498 10494 /usr/share/man/man1.Z/login.1

Patch Conflicts: None

Patch Dependencies:
    s700: 10.24: PHNE_11306
    s800: 10.24: PHNE_11307

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_12984 PHNE_15802

Equivalent Patches:
    PHNE_22057:
    s700: 10.20
    s800: 10.20

    PHNE_21936:
    s700: 11.00
    s800: 11.00

    PHNE_22060:
    s700: 11.04
    s800: 11.04

Patch Package Size: 420 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.
    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

       cd /tmp
       sh PHNE_22059

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHNE_22059.depot

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_22059. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    WARNING: If this file exists when a patch is installed, the
             patch cannot be deinstalled. Please be careful when
             using this feature.

    It is recommended that you move the PHNE_22059.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

       dd if=/tmp/PHNE_22059.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    Installation of this patch makes the system capable of
    providing server side telnet and ftp services to the inside
    network. To enable these services, which will let users from
    the inside network telnet and/or ftp into the system, the
    system administrator will have to perform the following
    steps -

    1. Login as root in a system window.

    2. Enable desired service(s) by uncommenting the following
       lines in /etc/inetd.conf:

       #ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
       #telnet stream tcp nowait root /usr/lbin/telnetd telnetd

       to read:

       ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
       telnet stream tcp nowait root /usr/lbin/telnetd telnetd

    3. Unlock desired pseudo terminals (ttyp0, ttyp1...etc) in
       the terminal control database. Each tty has two entries.

       - Make a safe copy of the terminal control database,
         /etc/auth/system/ttys.
       - Edit the database (/etc/auth/system/ttys)

         pty/ttyp0:t_devname=pty/ttyp0:t_lock:chkent:
         ttyp0:t_devname=ttyp0:chkent:

         For each set of entries make the following
         modifications:
         If a field t_lock exists for the entry, just add an @
         sign at the end of the field.
         (t_lock@)
         If the field does not exist, add the entire field,
         t_lock@, to the entry. (The field separator is a : )

         pty/ttyp0:t_devname=pty/ttyp0:t_lock@:chkent:
         ttyp0:t_devname=ttyp0:t_lock@:chkent:

    4. Run "/tcb/bin/authck -t" to check the internal consistency
       of the Terminal Control database.

    5. Run "/tcb/bin/setfiles" to set system file attributes.

    6. Run "/usr/sbin/inetd -c" to force the inetd to reread
       /etc/inetd.conf.

    NOTE: The patch should be installed after VirtualVault 3.0 is
          installed.
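
Added example for step 3 of the Special Installation Instructions (not part of the HP patch text): a filter that applies the t_lock@ edit to both entries of each named pseudo terminal and lists entries that are still locked. The helper names unlock_ttys and locked_entries are hypothetical, the sample entries are constructed, and single-line entries in the format shown in step 3 are assumed.

```sh
#!/bin/sh
# Added example, not HP code. Assumes single-line, colon-separated entries
# as in the samples in step 3; run it on a copy of /etc/auth/system/ttys.

# unlock_ttys "ttyp0 ttyp1" < ttys.copy > ttys.new   (hypothetical helper)
# Sets t_lock@ on both entries (pty/NAME and NAME) of each listed tty.
unlock_ttys() {
    awk -v want="$1" '
    BEGIN {
        FS = OFS = ":"
        n = split(want, names, " ")
        for (i = 1; i <= n; i++) {
            target[names[i]] = 1
            target["pty/" names[i]] = 1
        }
    }
    !($1 in target) { print; next }      # other terminals stay untouched
    {
        found = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "t_lock") $i = "t_lock@"    # field exists: append @
            if ($i == "t_lock@") found = 1
        }
        if (!found)                               # field absent: add it
            for (i = 2; i <= NF; i++)
                if ($i == "chkent") { $i = "t_lock@" OFS "chkent"; break }
        print
    }'
}

# locked_entries < ttys.new : names of entries whose t_lock is still set.
locked_entries() {
    awk -F: '{ for (i = 2; i <= NF; i++) if ($i == "t_lock") print $1 }'
}

# Constructed sample entries in the format shown in step 3.
SAMPLE_TTYS='pty/ttyp0:t_devname=pty/ttyp0:t_lock:chkent:
ttyp0:t_devname=ttyp0:chkent:
pty/ttyp1:t_devname=pty/ttyp1:t_lock:chkent:
ttyp1:t_devname=ttyp1:t_lock:chkent:'

printf '%s\n' "$SAMPLE_TTYS" | unlock_ttys "ttyp0"
```

Steps 4 to 6 (authck -t, setfiles, inetd -c) still apply once the edited copy replaces the database.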