Note: This is an archival copy of Security Sun Alert 200542 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000413.1.
Solaris 2.6 Operating System
Solaris 7 Operating System
Date of Resolved Release
On Solaris 2.6 and Solaris 7 systems, the inetd.conf(4) file may get erroneously overwritten during installation of certain cachefs patches. The resulting new "inetd.conf" file may re-enable services that were previously disabled (e.g. for security reasons).
This issue can occur in the following releases:
Note: Solaris 8 and 9 are not affected by this issue. The cachefs patches are part of the current "Recommended & Security Patches" cluster.
After installation of one of the above listed patches, some services may be enabled which were previously disabled. The symptoms experienced will depend upon which services had been disabled.
To work around the described issue, make a backup copy of the existing inetd.conf(4) file before installing the cachefs patches and then restore the inetd.conf(4) file after patch installation. For example:
# cp /etc/inet/inetd.conf /etc/inetd/inetd.conf.prepatch # patchadd <cachefs patch> # cp /etc/inet/inetd.conf.prepatch /etc/inetd/inetd.conf
If the Solaris 2.6 or 7 cachefs patches have already been installed on the system, review the inetd.conf(4) file for entries which may have been changed by the patch installation.
This issue is addressed in the following releases:
This solution has no attachment