TITLE: Tru64 UNIX Security Vulnerability SSRT1-41U, SSRT0742U, SSRT0759U New Kit Date: 28-JAN-2002 Modification Date: Not Applicable Modification Type: New Kit: Early Release Patch Kit (ERP) Copyright (c) Compaq Computer Corporation 2002. All rights reserved. PRODUCT: Tru64 UNIX [R] 5.1 SOURCE: Compaq Computer Corporation ECO INFORMATION: ECO Name: T64V51B18-C0094800-12864-E-20020115.tar ECO Kit Approximate Size: 4.2MB Kit Applies To: Tru64 UNIX 5.1 with PK4 (BL18) installed Checksums for T64V51B18-C0094800-12864-E-20020115.tar: /usr/bin/sum results: 02943 4140 /usr/bin/cksum results: 3939215942 4239360 MD5 results: 36d30763349d27abb15505d8a3c89c37 SHA1 results: 588384f5ae498ac7ae843a0557cb775c22f44fce ECO KIT SUMMARY: An update ECO kit exists for Tru64 UNIX 5.1. This is an early release, dupatch-based, patch kit that contains solutions to security vulnerabilities reported in SSRT1-41U, SSRT0742U, and SSRT0759U. The Patch Kit Installation Instructions document and the Patch Summary and Release Notes document provide patch kit installation and removal instructions and a summary of each patch. Please read through these documents prior to installing patches on your system. INSTALLATION NOTES: Install this kit with the dupatch utility that is included in the patch kit. You may need to baseline your system if you have manually changed system files on your system. The dupatch utility provides the baselining capability. The prerequisite for installing this patch kit is that you must have installed Tru64 UNIX 5.1 and PK4 (BL18). KNOWN PROBLEMS WITH THE PATCH KIT: None. RELEASE NOTES FOR T64V51B18-C0094800-12864-E-20020115: This document summarizes the contents and special instructions for the Tru64 UNIX V5.1 patches contained in this kit. For information about installing or removing patches, baselining, and general patch management, see the Patch Kit Installation Instructions document. 1 Release Notes This Early Release Patch Kit Distribution contains: - fixes that resolve the problem(s) reported in: o SSRT1-40U SSRT1-41U SSRT1-42U SSRT1-45U SSRT1-48U * for Tru64 UNIX V5.1 T64V51B18AS0004-20011114.tar (BL18) The patches in this kit are being released early for general customer use. Refer to the Release Notes for a summary of each patch and installation prerequisites. Patches in this kit are installed by running dupatch from the directory in which the kit was untarred. For example, as root on the target system: > mkdir -p /tmp/CSPkit1 > cd /tmp/CSPkit1 > > tar -xpvf DUV40D13-C0044900-1285-20000328.tar > cd patch_kit > ./dupatch 2 Special Instructions There are no special instructions for Tru64 UNIX V5.1 Patch C948.00 There are no special instructions for Tru64 UNIX V5.1 Patch C952.00 There are no special instructions for Tru64 UNIX V5.1 Patch C944.00 There are no special instructions for Tru64 UNIX V5.1 Patch C953.00 3 Summary of CSPatches contained in this kit Tru64 UNIX V5.1 PatchId Summary Of Fix ---------------------------------------- C948.00 Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U C952.00 Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U C944.00 Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U C953.00 Security,SSRT1-40U,SSRT1-41U,SSRT1-42U,SSRT1-45U,SSRT1-48U 4 Additional information from Engineering None 5 Affected system files This patch delivers the following files: Tru64 UNIX V5.1 Patch C948.00 ./usr/bin/csh CHECKSUM: 27049 304 SUBSET: OSFBASE510 ./sbin/it.d/bin/dnconvdir/dn_fix CHECKSUM: 16496 10 SUBSET: OSFBASE510 ./sbin/it.d/bin/dnconvert CHECKSUM: 17185 5 SUBSET: OSFBASE510 ./sbin/it.d/bin/do_versw CHECKSUM: 11179 4 SUBSET: OSFBASE510 ./sbin/it.d/bin/gettimezone CHECKSUM: 06962 8 SUBSET: OSFBASE510 ./sbin/it.d/bin/load_usr_pak CHECKSUM: 09469 2 SUBSET: OSFBASE510 ./sbin/it CHECKSUM: 16496 10 SUBSET: OSFBASE510 ./sbin/init.d/.new..rmtmpfiles CHECKSUM: 63284 3 SUBSET: OSFBASE510 ./sbin/init.d/.mrg..rmtmpfiles CHECKSUM: 36668 6 SUBSET: OSFBASE510 ./usr/bin/crashdc CHECKSUM: 58703 7 SUBSET: OSFBASE510 ./usr/bin/crontab CHECKSUM: 37259 50 SUBSET: OSFBASE510 ./usr/lbin/mkstemp CHECKSUM: 10384 29 SUBSET: OSFBASE510 ./sbin/kreg CHECKSUM: 60565 7 SUBSET: OSFBASE510 ./usr/sbin/svcsetup CHECKSUM: 34908 11 SUBSET: OSFCLINET510 ./usr/sys/bin/mktape CHECKSUM: 63351 25 SUBSET: OSFBINCOM510 ./usr/lib/nls/msg/en_US.ISO8859-1/cron.cat CHECKSUM: 04036 9 SUBSET: OSFBASE510 ./usr/bin/gentapes CHECKSUM: 29129 21 SUBSET: OSFBASE510 ./usr/sbin/evmreload CHECKSUM: 13937 4 SUBSET: OSFBASE510 ./usr/sys/bin/procprod CHECKSUM: 28987 319 SUBSET: OSFBINCOM510 ./sys/BINARY/vfs.mod CHECKSUM: 11421 449 SUBSET: OSFBIN510 ./usr/bin/kits CHECKSUM: 34622 7 SUBSET: OSFBASE510 ./usr/bin/gendisk CHECKSUM: 59355 22 SUBSET: OSFBASE510 ./usr/sbin/ip6_setup CHECKSUM: 59707 38 SUBSET: OSFCLINET510 ./usr/lib/nls/msg/en_US.ISO8859-1/mkstemp.cat CHECKSUM: 46601 1 SUBSET: OSFBASE510 ./usr/sys/bin/btcreate CHECKSUM: 39471 165 SUBSET: OSFBINCOM510 ./sys/BINARY/proc.mod CHECKSUM: 20287 4 SUBSET: OSFBIN510 ./sys/BINARY/std_kern.mod CHECKSUM: 09352 1533 SUBSET: OSFBIN510 ./usr/sbin/cron CHECKSUM: 30761 78 SUBSET: OSFBASE510 ./usr/bin/newinv CHECKSUM: 06005 5 SUBSET: OSFBASE510 Patch C952.00 ./usr/dt/bin/dtsetup CHECKSUM: 10734 191 SUBSET: OSFCDEDT510 Patch C944.00 ./usr/sbin/sys_check CHECKSUM: 12708 646 SUBSET: OSFSERVICETOOLS510 Patch C953.00 ./usr/dt/bin/lp_default CHECKSUM: 50062 2 SUBSET: OSFCDEDT510 [R] UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited. Copyright Compaq Computer Corporation 2002. All Rights reserved. This software is proprietary to and embodies the confidential technology of Compaq Computer Corporation. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Compaq or an authorized sublicensor. This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, Compaq makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround.