Code [aide001i]

Aide detected no changes. Good.

Code [aide002e]

Aide configuration files can make use of variable substitution in a way Tiger cannot make use of in the current Tiger version. Please supply a custom configuration file using Tiger_Run_AIDE_CFG_OVERRIDE and/or m in the /bin/mail and /bin/rmail utility for SunOS 4.x systems which can be used to gain unauthorized privileges. These programs are responsible for performing local mail delivery. Sun Patch ID 100224 provides a fix for this.

Code [sig016w]

CERT Advisory CA-93:15

A vulnerability exists in /usr/lib/sendmail which allows a remote user to gain access to the system.

Sun Patch ID 100377-07 provides a fix for SunOS 4.x.

Sun Patch ID 100840-03 provides a fix for Solaris 2.1.

Sun Patch ID 101077-03 provides a fix for Solaris 2.2.

(you should obtain the latest revision of the patch).

Code [sig017w]

CERT Advisory CA-93:15

A vulnerability exists in the 'tar' utility which causes it to place information from the passwd file in the archive set. Archives created with this version of 'tar' should not be distributed.

Sun Patch ID 100975-02 provides a fix for Solaris 2.1.

Sun Patch ID 101301-01 provides a fix for Solaris 2.2.

(you should obtain the latest revision of the patch)

Code [sig018w]

The /usr/kvm/modload program can be used to gain super-user privileges. Sun Patch ID 101200 provides a fix for this. The documentation for the patch indicates that it is for SunOS 4.1.3, but examination of the SunOS 4.1.2 /usr/kvm/modload indicates it suffers from the same problem. I do not know whether the modload binary in 101200 will work with SunOS 4.1.2.

Code [sig019w]