Patch Name: PHNE_24161 Patch Description: s700_800 10.20 kftpd(1M) and kftp(1) cumulative patch Creation Date: 01/06/14 Post Date: 01/07/09 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: N/A Filesets: InternetSvcSec.INETSVCS-SEC InternetSvcSec.ISEC-ENG-A-MAN Automatic Reboot?: No Status: General Release Critical: No (superseded patches were critical) PHNE_10011: OTHER A timing problem could occur on receipt of a simultaneous data close and ABORT. Path Name: /hp-ux_patches/s700_800/10.X/PHNE_24161 Symptoms: PHNE_24161: 1. CR JAGad68308/ SR 8606199121. ftpd does not function properly for some commands. 2. CR JAGad12040/SR 8606142685. ftpd does not function properly. 3. CR JAGaa93734/SR 1653296475. ER: Suppress the machine name and version in the ftpd banner output. PHNE_15544: * ftp: problem with passing files. * FTP Newer command does not work as documented if file does not exist. * FTP:don't get error message if filesystem gets full. * Proxy Get command not working. * ftpd does not allow ports under 1024 even with -p option. * FTP giving error 425:Can't create data socket. * have inbound/outbound transfer logging in ftpd. * FTP Newer command has problem handling dates. PHNE_10011: (kftpd) * A ftp client could interrupt a data transfer by sending a data close and an ABORT. A timing problem has been observed on the kftpd side. PHNE_9786: (kftpd) * ftpd returns a 550 after an NLST when the file is not found. * Privileged ports cannot be specified as a part of the PORT command. * An error message "You've GOT to be joking" is displayed when a client specifies a privileged port as a data-port. * The command modtime displays incorrect date and time for some dates. Defect Description: PHNE_24161: 1. CR JAGad68308/ SR 8606199121. ftpd does not function properly for some commands. Resolution: * Code changes have been made to fix the problem. 2. CR JAGad12040/SR 8606142685. ftpd does not function properly. Resolution: * Code changes have been made to fix the problem. 3. CR JAGaa93734/SR 1653296475. Enhancement request to suppress machine name and version printed in the ftpd banner output. Resolution: * Added an extra option '-S' in the ftpd code for suppressing the machine name in the ftpd banner. Man page has been updated to include this information. PHNE_15544: * ftp: problem with passing files. * FTP Newer command does not work as documented if file does not exist. * FTP:don't get error message if filesystem gets full. * Proxy Get command not working. * ftpd does not allow ports under 1024 even with -p option. * FTP giving error 425:Can't create data socket. * have inbound/outbound transfer logging in ftpd. * FTP Newer command has problem handling dates. PHNE_10011: (kftpd) * kftpd has been fixed to handle a simultaneous data close and ABORT appropriately. PHNE_9786: (kftpd) * ftpd returns a 550 after a NLST when a file is not found. The return code was changed to 450 per RFC 959. * An option "-p" has been added. The PORT command can now specify a privileged port as a data-port if this option is set. * The error message "You've GOT to be joking" has been replaced by "Port command failure". * The command modtime now behaves correctly. SR: 4701373696 5003369611 1653245845 5003386581 1653245852 1653254193 1653232942 4701334763 4701346098 5003343970 5003344846 5003322867 8606199121 8606142685 1653296475 Patch Files: /usr/lbin/kftpd /usr/share/man/man1m.Z/kftpd.1m /usr/bin/kftp what(1) Output: /usr/lbin/kftpd: Copyright (c) 1985, 1988 Regents of the University o f California. ftpd.c based on 5.28 (Berkeley) 4/20/89 Secure Internet Svcs - Revision 1.7.212.3 Fri Jun 1 5 11:54:00 GMT 2001 ftpcmd.y 5.20 (Berkeley) 2/28/89 glob.c 5.7 (Berkeley) 12/14/88 popen.c 5.7 (Berkeley) 2/14/89 logwtmp.c 5.2 (Berkeley) 9/22/88 /usr/share/man/man1m.Z/kftpd.1m: None /usr/bin/kftp: Copyright (c) 1985, 1989 Regents of the University o f California. main.c based on 5.13 (Berkeley) 3/14/89 Secure Internet Svcs - Revision 1.1.212.3 Fri Jun 1 5 11:32:59 GMT 2001 cmds.c 5.18 (Berkeley) 4/20/89 cmdtab.c 5.9 (Berkeley) 3/21/89 ftp.c 5.28 (Berkeley) 4/20/89 glob.c 5.7 (Berkeley) 12/14/88 ruserpass.c 5.1 (Berkeley) 3/1/89 domacro.c 1.6 (Berkeley) 2/28/89 cksum(1) Output: 2595554420 512000 /usr/lbin/kftpd 3965864299 7894 /usr/share/man/man1m.Z/kftpd.1m 1512363672 516096 /usr/bin/kftp Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_9786 PHNE_10011 PHNE_15544 Equivalent Patches: None Patch Package Size: 1080 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_24161 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_24161.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_24161. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_24161.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_24161.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: The SIS product, if enabled has to be disabled before the installation and removal of this patch. If SIS is enabled during patch installation, the installation will fail with an error. To disable SIS use the following command: '/usr/sbin/inetsvcs_sec disable' After installation use the following command to enable SIS. '/usr/sbin/inetsvcs_sec enable' If SIS is enabled during patch removal,the patch removal will fail with an error. To disable SIS use the following command: '/usr/sbin/inetsvcs_sec disable' After removing the patch use the following command to enable SIS. '/usr/sbin/inetsvcs_sec enable'