Patch-ID# 109734-01
Keywords: ENCRYPTION security international HA Logdump FTP fragmentation
Synopsis: SunScreen EFS 3.1 (Sparc) miscellaneous fixes.
Date: Jul/06/00

NOTE:
********************************************************************************

       EXPORT INFORMATION: This software contains encryption features and
       requires export approval from the U.S. Department of State, prior to
       exporting from the United States.

       This patch is for a product which performs cryptographic functions,
       which are subject to U.S. export control, and must not be exported
       outside the U.S. without prior approval of the U.S. government.
       Prior export approval must be obtained by the user of this product.

       By obtaining this software, you are agreeing to comply with all
       of the United States and other applicable country laws and
       regulations when either exporting, re-exporting or importing
       this software or any underlying information or technology.
       Further, you acknowledge that you are not a national of Cuba,
       Iran, Iraq, Libya, North Korea, Sudan or Syria or a party that
       is listed in the U.S. Table of Denial Orders or U.S. Treasury
       Department's list of Specially Designated Nationals.

       Product is restricted from being used for the design or
       development of nuclear, chemical, biological, weapons or
       missile technology without the prior permission of the U.S.
       Government.

********************************************************************************

Solaris Release: 2.6 7 8

SunOS Release: 5.6 5.7 5.8

Unbundled Product: SunScreen

Unbundled Release: 3.1

Xref: This patch is available for x86 as Patch 109735-01.

BugId's fixed with this patch: 4326689 4328055 4333069 4347894 4347899 4347905

Changes incorporated in this version: 4326689 4328055 4333069 4347894 4347899 4347905

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

       SUNWicgSS
       /kernel/strmod/efs
       /kernel/strmod/spf
       /kernel/strmod/sparcv9/efs
       /kernel/strmod/sparcv9/spf
       /kernel/drv/screen
       /kernel/drv/sparcv9/screen
       /usr/kernel/misc/screen_ftp
       /usr/kernel/misc/sparcv9/screen_ftp
       /opt/SUNWicg/SunScreen/ssadm/logdump
       /opt/SUNWicg/SunScreen/lib/logdump
       /opt/SUNWicg/SunScreen/lib/ss_compiler
       /opt/SUNWicg/SunScreen/admin/cgi-bin/html_logdump

       SUNWicgSA
       /opt/SUNWicg/SunScreen/ssadm/logdump

       Note: 64bit sparcv9 kernel modules not included in x86 patch.

Problem Description:

       4326689 - Passive HA stealth screen sends ARP's
       4328055 - Logdump -i file -x0 does not display hex dump of packet
       4333069 - Traffic passes to undefined addresses when interface addr
                 grp used in rules.
       4347894 - Protection against PASV FTP attacks
       4347899 - File containing something that looks like FTP commands
                 could be misinterpreted
       4347905 - Protection against jolt2.c fragmentation attacks


Patch Installation Instructions for the Administration Station
--------------------------------------------------------------

1. Become root on the Administration Station.

2. If you are running Solaris 2.6 on the administration station, ensure
  that you have already installed the latest version of Solaris patch 106125.
  Version 106125-06 is available on your EFS 3.1 CD.

3. Transfer the patch file to the Administration Station.

4. Then type:

       # uncompress 109734-01.tar.Z
       # tar xf 109734-01.tar
       # patchadd 109734-01


Patch Installation Instructions for Locally Administered Screens
----------------------------------------------------------------

1. Become root on the Screen.

2. If you are running Solaris 2.6 on the Screen, ensure that you have
  already installed the latest version of Solaris patch 106125-06.
  Version 106125-06 is available on your SunScreen EFS 3.1 CD.

3. Transfer patch file to the Screen using a diskette or ftp (with 3 MB free).

4. Type the following:
       # uncompress 109734-01.tar.Z
       # tar xf 109734-01.tar
       # patchadd 109734-01

5. Reboot the Screen.


Patch Installation Instructions for Remotely Administered Screens in
Stealth Mode
--------------------------------------------------------------------

Use this procedure ONLY if you cannot otherwise transfer the patch to
the Screen.

1. Become root on the Administration Station.

2. If you are running Solaris 2.6 on the Screen, ensure that you have
  already installed the latest version of Solaris patch 106125-06.
  Version 106125-06 is available on your SunScreen EFS 3.1 CD.

3. Transfer the patch file to the Administration Station.

4. Type the following:
       # ssadm -r <Name_of_Screen> patch install < 109734-01.tar.Z


Instructions for Identifying Patches Installed on System
--------------------------------------------------------

1. To identify the patch level on your locally administered Screen,
  type the commands:

       # ls -lt /var/sadm/patch > screen.pkginfo
       # pkginfo -l >> screen.pkginfo

2. To identify the patch level on your remotely administered Screen
  in stealth mode:

       # ssadm -r <Name_of_Screen> lib/support packages > screen.pkginfo

  This shows (1) ls -lt /var/sadm/patch, (2) pkginfo -l, and
  (3) the contents of /var/log/patch.log.

3. To identify the patch level on your Administration Station, type
  the commands:

       # ls -lt /var/sadm/patch > admin.pkginfo
       # pkginfo -l >> admin.pkginfo


Instructions to remove the patch on the Administration Station
--------------------------------------------------------------

1. Become root on the Administration Station.

2. Then type:

       # patchrm 109734-01


Instructions to Remove the Patch on Locally Administered Screen
---------------------------------------------------------------

1. Become root on the Screen.

2. Type the following:

       # patchrm 109734-01


Instructions to Remove the Patch on Remotely Administered Screens in
Stealth Mode
--------------------------------------------------------------------

Use this procedure ONLY if you cannot otherwise obtain access to a
login prompt on the Screen.

1. Become root on the Administration Station.

2. If you are running Solaris 2.6 on the Screen, ensure that you have
  already installed the latest version of Solaris patch 106125-06.
  Version 106125-06 is available on your SunScreen EFS 3.1.

3. Type the following:
       # ssadm -r <Name_of_Screen> patch backout 109734-01


Additional Patch Installation Instructions
------------------------------------------
 Refer to the "Install.info" file within the patch for instructions on
 using the generic 'installpatch' and 'backoutpatch' scripts provided
 with each patch.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.