OBSOLETE Patch-ID# 109737-05
Keywords: ENCRYPTION EFS security international HA Logdump FTP fragmentation proxy
Synopsis: Obsoleted by: 109737-06 SunScreen 3.1 LITE (Intel) miscellaneous fixes.
Date: Jul/25/2001

******************************************************
  The items made available through this website
  are subject to United States export laws and
  may be subject to export and import laws
  of other countries. You agree to strictly comply
  with all such laws and obtain licenses to
  export, re-export, or import as may be required.
  Unless expressly authorized by the United States
  Government to do so you will not, directly or
  indirectly, export or re-export the items made
  available through this website, nor direct the
  items therefrom, to any  embargoed or restricted
  country identified in the United States export
  laws, including but not limited to the Export
  Administration Regulations (15 C.F.R. Parts
  730-774).
******************************************************

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product: SunScreen EFS

Unbundled Release: 3.1

Xref: This patch is available for Sparc as Patch 109736.

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 4328055 4333069 4347894 4347899 4347905 4365144 4366229 4368757 4370757 4371831 4373963 4373964 4395538 4400107 4412981 4418578 4431381 4432276

Changes incorporated in this version: 4432276

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

       /kernel/drv/screen
       /kernel/strmod/efs
       /opt/SUNWicg/SunScreen/admin/cgi-bin/html_logdump
       /opt/SUNWicg/SunScreen/lib/getlog
       /opt/SUNWicg/SunScreen/lib/logdump
       /opt/SUNWicg/SunScreen/lib/screeninfo
       /opt/SUNWicg/SunScreen/lib/ss_compiler
       /opt/SUNWicg/SunScreen/lib/ss_logd
       /opt/SUNWicg/SunScreen/lib/statetables
       /opt/SUNWicg/SunScreen/ssadm/edit
       /opt/SUNWicg/SunScreen/ssadm/logstats
       /opt/SUNWicg/SunScreen/support/packages
       /opt/SUNWicg/SunScreen/support/versions
       /usr/kernel/drv/screen_skip
       /usr/kernel/misc/screen_ftp
/opt/SUNWicg/SunScreen/ssadm/logdump

Note: 64bit sparcv9 kernel modules not included in x86 patch.
Files changed in this version of the patch:
       /kernel/drv/screen
       /opt/SUNWicg/SunScreen/lib/statetables

Problem Description:

4432276 - Performance degradation due to inefficient TCP Hash function

       (from 109737-04)

       4418578 - IP addresses garbled with first activation of policy
       4412981 - ftp state engine does not recognize RST
       4431381 - ftp state engine confused in certain instances when
                 MicroSoft server is used

       (from 109737-03)

       4400107 - something consuming large amounts of kernel memory
       4395538 - ss_logd core dumps causing the system to hang
       4373963 - screeninfo output gets truncated.
       4266794 - screeninfo does not return if ip forwarding status
       4373976 - misc enhancements to screeninfo.
       4048429 - Configurations names with spaces don't work
       4373966 - screeninfo does not get SCCS versions of all files.
       4373972 - screeninfo should perform consistancy checks on  packages.
       4373964 - Patch information retrieved by screeninfo can be incorrect.
       4365144 - Fix not correctly implemented for Trusted Solaris.

       (from 109737-02)

       4365144 - ftp state engine can't handle tcp option tstamp
       4366229 - Possible for encryption rules to generate system panic
       4368757 - "*" service includes iptunnel service which could
                 be misunderstood and lead to an insecure screen
       4370757 - ftp with NAT has sequence number problem which was
                 introduced after fix for PASV FTP attacks
       4371831 - "Fragmentation Needed but DF bit set" message sent out
                 in error when encryption rules are used

       (from 109737-01)

       4328055 - Logdump -i file -x0 does not display hex dump of packet
       4333069 - Traffic passes to undefined addresses when interface addr
                 grp used in rules.
       4347894 - Protection against PASV FTP attacks
       4347899 - File containing something that looks like FTP commands
                 could be misinterpreted
       4347905 - Protection against jolt2.c fragmentation attacks

Patch Installation Instructions:
--------------------------
None.

Special Install Instructions:
-----------------------------

Installation Instructions for the Administration Station
--------------------------------------------------------

1. Become root on the Administration Station.

2. If you are running Solaris 2.6 on the administration station, ensure
  that you have already installed the latest version of Solaris patch 106126.
  Version 106126-06 is available on your EFS 3.1 CD.

3. Transfer the patch file to the Administration Station.

4. Then type:

       # uncompress 109737-05.tar.Z
       # tar xf 109737-05.tar
       # patchadd 109737-05


Installation Instructions for Locally Administered Screens
----------------------------------------------------------

1. Become root on the Screen.

2. If you are running Solaris 2.6 on the Screen, ensure that you have
  already installed the latest version of Solaris patch 106126-06.
  Version 106126-06 is available on your SunScreen EFS 3.1 CD.

3. Transfer patch file to the Screen using a diskette or ftp (with 3 MB free).

4. Type the following:
       # uncompress 109737-05.tar.Z
       # tar xf 109737-05.tar
       # patchadd 109737-05

5. Reboot the Screen.



Instructions for Identifying Patches Installed on System
--------------------------------------------------------

1. To identify the patch level on your locally administered Screen,
  type the commands:

       # ls -lt /var/sadm/patch > screen.pkginfo
       # pkginfo -l >> screen.pkginfo

2. To identify the patch level on your remotely administered Screen.

       # ssadm -r <Name_of_Screen> lib/support packages > screen.pkginfo

  This shows (1) ls -lt /var/sadm/patch, (2) pkginfo -l, and
  (3) the contents of /var/log/patch.log.

3. To identify the patch level on your Administration Station, type
  the commands:

       # ls -lt /var/sadm/patch > admin.pkginfo
       # pkginfo -l >> admin.pkginfo


Instructions to remove the patch on the Administration Station
--------------------------------------------------------------

1. Become root on the Administration Station.

2. Then type:

       # patchrm 109737-05


Instructions to Remove the Patch on Locally Administered Screen
---------------------------------------------------------------

1. Become root on the Screen.

2. Type the following:

       # patchrm 109737-05


Additional Patch Installation Instructions
------------------------------------------
 Refer to the "Install.info" file within the patch for instructions on
 using the generic 'installpatch' and 'backoutpatch' scripts provided
 with each patch.

README -- Last modified date:  Tuesday, November 20, 2001

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.