TITLE: Tru64 UNIX V4.0f+PK6 BL17 Security Vulnerability ECO Summary

New Kit Date:       28-JAN-2002
Modification Date:  Not Applicable
Modification Type:  New Kit: Early Release Patch Kit (ERP)

Copyright (c) Compaq Computer Corporation 2002. All rights reserved.

PRODUCT: Tru64 UNIX [R] 4.0F

SOURCE: Compaq Computer Corporation

ECO INFORMATION:

ECO Name:                  DUV40FB17-C0061801-12860-E-20020115.tar
ECO Kit Approximate Size:  4.3MB
Kit Applies To:            Tru64 UNIX 4.0F with PK6 (BL17) installed

Checksums for DUV40FB17-C0061801-12860-E-20020115.tar:

/usr/bin/sum results:    29123 4140
/usr/bin/cksum results:  170166556 4239360
MD5 results:             2b5a4186681210bef2b76f46a3d2fd58
SHA1 results:            15c30ddcfcc60cad88f8fdee14f0bc485d507301

ECO KIT SUMMARY:

An update ECO kit exists for Tru64 UNIX 4.0F. This is an early release, dupatch-based, patch kit that contains solutions to security vulnerabilities reported in SSRT1-41U, SSRT0742U, and SSRT0759U.

The Patch Kit Installation Instructions document and the Patch Summary and Release Notes document provide patch kit installation and removal instructions and a summary of each patch. Please read through these documents prior to installing patches on your system.

INSTALLATION NOTES:

Install this kit with the dupatch utility that is included in the patch kit. You may need to baseline your system if you have manually changed system files on your system. The dupatch utility provides the baselining capability.

The prerequisite for installing this patch kit is that you must have installed Tru64 UNIX 4.0F and PK6 (BL17).

KNOWN PROBLEMS WITH THE PATCH KIT:

None.

RELEASE NOTES FOR DUV40FB17-C0061801-12860-E-20020115:

This document summarizes the contents and special instructions for the Digital UNIX V4.0F patches contained in this kit. For information about installing or removing patches, baselining, and general patch management, see the Patch Kit Installation Instructions document.

1 Release Notes

This Early Release Patch Kit Distribution contains:

- fixes that resolve the problem(s) reported in:

  o SSRT0742U SSRT0759U SSRT1-40U SSRT1-41U SSRT1-42U SSRT1-45U SSRT1-48U

    * for Digital UNIX V4.0F DUV40FAS0006-20010620.tar (BL17)

The patches in this kit are being released early for general customer use. Refer to the Release Notes for a summary of each patch and installation prerequisites.

Patches in this kit are installed by running dupatch from the directory in which the kit was untarred. For example, as root on the target system:

    > mkdir -p /tmp/CSPkit1
    > cd /tmp/CSPkit1
    > tar -xpvf DUV40D13-C0044900-1285-20000328.tar
    > cd patch_kit
    > ./dupatch

2 Special Instructions

There are no special instructions for Digital UNIX V4.0F Patch C618.01
There are no special instructions for Digital UNIX V4.0F Patch C619.01
There are no special instructions for Digital UNIX V4.0F Patch C620.01
There are no special instructions for Digital UNIX V4.0F Patch C621.01
There are no special instructions for Digital UNIX V4.0F Patch C622.00
There are no special instructions for Digital UNIX V4.0F Patch C623.00

3 Summary of CSPatches contained in this kit

Digital UNIX V4.0F

PatchId   Summary Of Fix
----------------------------------------
C618.01   SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U
C619.01   Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U
C620.01   Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U
C621.01   SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U
C622.00   SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U
C623.00   Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U

4 Additional information from Engineering

None

5 Affected system files

This patch delivers the following files:

Digital UNIX V4.0F

Patch C618.01

./usr/bin/sh   CHECKSUM: 39651 176   SUBSET: OSFBASE440
./usr/bin/ksh   CHECKSUM: 20513 320   SUBSET: OSFBASE440
./usr/bin/csh   CHECKSUM: 34814 304   SUBSET: OSFBASE440
./usr/bin/Rsh   CHECKSUM: 39651 176   SUBSET: OSFBASE440
./usr/bin/posix/sh   CHECKSUM: 20513 320   SUBSET: OSFBASE440
./sbin/.upd..sh   CHECKSUM: 15903 320   SUBSET: OSFBASE440
./sbin/.upd..Rsh   CHECKSUM: 15903 320   SUBSET: OSFBASE440
./usr/bin/calendar   CHECKSUM: 23253 4   SUBSET: OSFBASE440
./usr/sbin/setup   CHECKSUM: 17956 14   SUBSET: OSFBASE440
./sbin/it.d/bin/gettimezone   CHECKSUM: 37119 7   SUBSET: OSFBASE440
./sbin/it.d/bin/load_usr_pak   CHECKSUM: 06112 2   SUBSET: OSFBASE440
./sbin/it   CHECKSUM: 37119 7   SUBSET: OSFBASE440
./sbin/init.d/.new..rmtmpfiles   CHECKSUM: 23974 2   SUBSET: OSFBASE440
./sbin/init.d/.mrg..rmtmpfiles   CHECKSUM: 08044 6   SUBSET: OSFBASE440
./usr/bin/crashdc   CHECKSUM: 45600 8   SUBSET: OSFBASE440
./usr/sbin/nissetup   CHECKSUM: 09402 37   SUBSET: OSFCLINET440
./usr/sbin/ypsetup   CHECKSUM: 09402 37   SUBSET: OSFCLINET440
./usr/sbin/cron   CHECKSUM: 43272 80   SUBSET: OSFBASE440
./usr/lbin/mkstemp   CHECKSUM: 50595 32   SUBSET: OSFBASE440
./usr/bin/gentapes   CHECKSUM: 05043 21   SUBSET: OSFBASE440
./usr/sbin/create_setupconf   CHECKSUM: 10356 3   SUBSET: OSFBASE440
./usr/sys/bin/btcreate   CHECKSUM: 45546 145   SUBSET: OSFBINCOM440
./usr/sys/bin/procprod   CHECKSUM: 57642 208   SUBSET: OSFBINCOM440
./usr/lib/nls/msg/en_US.ISO8859-1/ksh.cat   CHECKSUM: 41240 6   SUBSET: OSFBASE440
./usr/lib/nls/msg/en_US.ISO8859-1/mkstemp.cat   CHECKSUM: 46601 1   SUBSET: OSFBASE440
./usr/lib/nls/msg/en_US.ISO8859-1/cron.cat   CHECKSUM: 26825 9   SUBSET: OSFBASE440
./sys/BINARY/vfs.mod   CHECKSUM: 10829 399   SUBSET: OSFBIN440
./usr/sys/include/sys/fcntl.h   CHECKSUM: 06394 12   SUBSET: OSFBINCOM440
./usr/sbin/mailsetup   CHECKSUM: 33680 68   SUBSET: OSFBASE440
./sbin/kreg   CHECKSUM: 60565 7   SUBSET: OSFBASE440
./usr/bin/newinv   CHECKSUM: 55245 5   SUBSET: OSFBASE440
./usr/bin/gendisk   CHECKSUM: 27162 19   SUBSET: OSFBASE440
./usr/sys/bin/mktape   CHECKSUM: 35080 22   SUBSET: OSFBINCOM440
./usr/lib/nls/msg/en_US.ISO8859-1/csh.cat   CHECKSUM: 41214 6   SUBSET: OSFBASE440
./sys/BINARY/std_kern.mod   CHECKSUM: 63600 1194   SUBSET: OSFBIN440
./usr/sbin/bindsetup   CHECKSUM: 25100 34   SUBSET: OSFCLINET440
./usr/bin/kits   CHECKSUM: 25426 7   SUBSET: OSFBASE440
./usr/sbin/svcsetup   CHECKSUM: 64843 11   SUBSET: OSFCLINET440
./usr/lib/nls/msg/en_US.ISO8859-1/sh.cat   CHECKSUM: 63623 4   SUBSET: OSFBASE440
./sys/BINARY/proc.mod   CHECKSUM: 37261 4   SUBSET: OSFBIN440
./usr/bin/crontab   CHECKSUM: 21082 56   SUBSET: OSFBASE440

Patch C619.01

./etc/namedb/bin/make_hosts   CHECKSUM: 27445 10   SUBSET: OSFINET440

Patch C620.01

./usr/sbin/sys_check   CHECKSUM: 18323 646   SUBSET: OSFSERVICETOOLS440

Patch C621.01

./usr/lbin/spell/compress   CHECKSUM: 45333 3   SUBSET: OSFDCMTEXT440

Patch C622.00

./usr/sbin/secauthmigrate   CHECKSUM: 09290 11   SUBSET: OSFC2SEC440

Patch C623.00

./usr/dt/bin/lp_default   CHECKSUM: 20362 2   SUBSET: OSFCDEDT440

[R] UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited.

Copyright Compaq Computer Corporation 2002. All Rights reserved.

This software is proprietary to and embodies the confidential technology of Compaq Computer Corporation. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Compaq or an authorized sublicensor.

This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, Compaq makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround.
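
The kit checksums listed under ECO INFORMATION can be checked before the tar file is unpacked and dupatch is run. The script below is an added example, not part of Compaq's notice; it assumes a host with POSIX cksum plus md5sum and sha1sum (GNU coreutils), and verify_kit is a name made up for this illustration.

```shell
#!/bin/sh
# Added example: check a downloaded kit against the values published in this
# notice before untarring it or running dupatch.
# Assumption: the check runs on a host with POSIX cksum plus md5sum and sha1sum.

# Expected values, copied from the "Checksums for ..." lines of the notice.
KIT=DUV40FB17-C0061801-12860-E-20020115.tar
KIT_CKSUM="170166556 4239360"   # CRC and byte count from /usr/bin/cksum
KIT_MD5=2b5a4186681210bef2b76f46a3d2fd58
KIT_SHA1=15c30ddcfcc60cad88f8fdee14f0bc485d507301

# verify_kit FILE "CRC SIZE" MD5 SHA1  (hypothetical helper)
# Returns 0 only when all three values match, 1 on any mismatch,
# 2 if FILE is absent.
verify_kit() {
    file=$1; want_cksum=$2; want_md5=$3; want_sha1=$4
    [ -f "$file" ] || { echo "kit not found: $file" >&2; return 2; }
    rc=0
    # Read from stdin so the tools print no file name after the digest.
    got_cksum=$(cksum < "$file" | awk '{print $1, $2}')
    got_md5=$(md5sum < "$file" | awk '{print $1}')
    got_sha1=$(sha1sum < "$file" | awk '{print $1}')
    [ "$got_cksum" = "$want_cksum" ] || { echo "cksum mismatch: got $got_cksum" >&2; rc=1; }
    [ "$got_md5" = "$want_md5" ] || { echo "MD5 mismatch: got $got_md5" >&2; rc=1; }
    [ "$got_sha1" = "$want_sha1" ] || { echo "SHA1 mismatch: got $got_sha1" >&2; rc=1; }
    return $rc
}

# Only act when the kit is in the current directory; report a mismatch loudly.
if [ -f "$KIT" ]; then
    if verify_kit "$KIT" "$KIT_CKSUM" "$KIT_MD5" "$KIT_SHA1"; then
        echo "$KIT: all published checksums match"
    else
        echo "$KIT: do not install, checksums differ from the notice" >&2
    fi
fi
```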