Patch-ID# 113273-07
Keywords: security sshd sftp-server integer overflow pam keyboard interactive
Synopsis: SunOS 5.9: /usr/lib/ssh/sshd Patch
Date: Jul/26/2004

Install Requirements: Install in Single User Mode
                      Reconfigure immediately after patch is installed

Solaris Release: 9
SunOS Release: 5.9
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 114858
Topic: SunOS 5.9: /usr/lib/ssh/sshd Patch
Relevant Architectures: sparc

BugId's fixed with this patch: 4708590 4718590 4725702 4801044 4860120 4895076 4923312 4939055 5006469
Changes incorporated in this version: 5006469
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:

Files included with this patch:

/usr/lib/ssh/sftp-server
/usr/lib/ssh/sshd

Problem Description:

5006469 sshd is not calling pam_close_session() when exiting

(from 113273-06)

4939055 ssh does not return standard errors

(from 113273-05)

4718590 sshd doesn't do proper check when changing expired passwords
4895076 ssh does not allow logins after password expiration when using pk authentication
4725702 sshd fails to report remote address when listening to IPv4 only

(from 113273-04)

4923312 Possible root exploit in ssh

(from 113273-03)

4860120 ssh echoes back "Kerberos authentication failed: password incorrect"

(from 113273-02)

4801044 sshd writes incorrect audit session ID for logout events

(from 113273-01)

4708590 sshd(1m) vulnerable to integer overflow in PAM keyboard interactive code

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

    example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE 1: Please reboot your system after the installation of this patch.

NOTE 2: To get the complete fix for the bug 4939055, please install
        114356-03 (or newer).

README -- Last modified date: Friday, September 24, 2004