Patch-ID# 101640-04
Keywords: security in.ftpd hole password logs
Synopsis: SunOS 4.1.3: in.ftpd fixes
Date: Jan/10/97

Solaris Release: 1.1 

SunOS Release: 4.1.3

Unbundled Product: 

Unbundled Release: 

Relevant Architectures: sparc
    NOTE: sun4 (all)

BugId's fixed with this patch: 4011498 1157926

Changes incorporated in this version: 4011498

Patches accumulated and obsoleted by this patch: 100865-03

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: in.ftpd

Problem Description: 

4011498  ftp fails with multiple accesses to the server

1157926
/usr/etc/in.ftpd -dl will log all user names and passwords to syslog.
This is a security problem. Plain text copies of user passwords can be
read from the console and/or log files.

Patch Installation Instructions: 

1.  su root
2.  cd <patch directory>
3.  cp /usr/etc/in.ftpd /usr/etc/in.ftpd.FCS
4.  cp `arch -k`/in.ftpd /usr/etc/in.ftpd
