SUN MICROSYSTEMS SECURITY BULLETIN: #00114 ADDENDUM

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the ~ftp/sun-dist directory; in Europe, ftp to
mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.

Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.

Please refer to the information below for additional information.
--------------------------------------------------------------------------

Sun Bug ID  : 1076118
Synopsis    : An OpenWindows, version 3, setuid program (loadmodule(8))
              can be exploited to execute a user's program using the
              effective UID of root.
Sun Patch ID: 100448-01
Checksum of compressed tarfile 100448-01.tar.Z on ftp.uu.net = 04354 5

The README file for this patch has been modified since the release of
the original alert of 11 December 91. The new checksum is shown above.
I apologize for any inconvenience or confusion this may have caused.

Sun advises that you replace the exploitable executable file with the
replacement provided in the patch. Note that 3.0 OpenWindows is only
supported on sun4 and sun4c architectures that use SunOS 4.1.1. The
executable provided works for both the sun4 and sun4c architectures.
Please refer to the patch's README file for more information.

Kenneth L. Pon
Sun Microsystems, Inc.
Software Security Coordinator