TUCoPS :: Unix :: General :: ciac-1~1.txt

Unix rcp Rdist Patch


            Several weeks ago, the DOE Computer Incident Advisory Capability (CIAC) reported a
            UNIX security problem involving rcp  and  rdist  in  4.3BSD,
            4.3BSD-tahoe,  and all versions of UNIX using BSD networking
            code, as well as SunOS (all versions).  Patches for BSD  but
            not  SUN  systems were available at the time you received an
            announcement  about  the  rcp  and  rdist   vulnerabilities.
            However,   patches   for  SUN3  and  SUN4  systems  are  now
            available.   You  may  obtain  these  patches  from  several
            sources,  to be described shortly.  To transfer the patches:
            Log in to your local SUN machine.  Get  into  the  directory
            into  which you want the patches to be transferred.  You can
            accomplish this by typing: __ "dir", where "dir" is the name
            of the directory to which you want to copy the patches.  Use
            one of the following options: OPTION I- Transfer the Patches
            from  Type:  ___  _____.__.___    <RETURN> The
            remote system will prompt you as follows:              Name:
                         type:  _________  <RETURN>              Passwd:
                       type: _____ <RETURN>            ftp> When you get
            an "ftp>" prompt then
                Type: __ ___-_____ <RETURN>
                and then type: __ <RETURN>
                (this will help you see what directory you are in.) Then
            type:  ____  _____  <RETURN>  Now  you are ready to copy the
            patches. If you are running  a  SUN3  system,  i.e.  68020.,
            Type:  ___  rcp.sun3.Z  <RETURN>  Or  for SUN4 systems, i.e.
            SPARC architecture., type: ___ rcp.sun4.Z  <RETURN>  Do  the
            same  for: ___ "rdist.sun3.Z" <RETURN> or ___ "rdist.sun4.Z"
            <RETURN> Finally type: ____ <RETURN>

                       June 12, 1996

                           - 2 -

OPTION II- Transfer the patches from

If  you  cannot  connect  to,  then  try   the
following:  Type:  ___  ___-___.____.___ <RETURN> The remote
system will prompt you as follows:            Name:
type: _________ <RETURN>            Passwd:            type:
_____ <RETURN>            ftp> Type: __ ___ <RETURN> Get the
files  as  shown above. (Refer to I.c and I.d above) Finally
type: ____ <RETURN>

To install the patches on your system:  After  you  get  the
patches   and  are  back  to  your  local  machine,  do  the
following:  Make  your  files  readable.   Type:  __________
___.____._. <RETURN> Type: __________ _____.____._. <RETURN>
the _____.____._ is for SUN3 systems, if you have a SUN4  it
will  be _____.____._. The same naming rule is being used on
___.____._.  Replace the original rcp and  rdist.   You  can
achieve this by: 2.1) Type: _______ ___ <RETURN>
   Your  computer  will   return   a   pathname   such   as:
   Write down that pathname.  2.2) Do the same for  "rdist".
Type:  _______  _____  <RETURN> 2.3) Type: __ "___-________"
"___-________.____" <RETURN>
   (where "rcp-pathname"  is  the  pathname  from  step  2.1
   Type: __ "_____-________" "_____-________.____" <RETURN>
   (where "rdist-pathname" is the  pathname  from  step  2.2
   Type: __ ___.____ "___-________" <______>
   Type: __ _____.____ "___-________" <RETURN> You  can  now
test  these  utilities.  If  you  cannot  connect  to either or via  the  network  or  need
further assistance, please contact:
     Ana Maria De Alvare'
     (415) 422-7007 or (FTS) 532-7007

     or send e-mail to:

                       June 12, 1996

