[1862] in Release_7.7_team
Athena 8.2.20 patch release *SHORT NOTICE*
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed Jul 14 05:27:29 1999
Message-Id: <199907140927.FAA01224@stratton-eight.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: release-announce@MIT.EDU
Date: Wed, 14 Jul 1999 05:27:21 EDT
Sometime soon, possibly as soon as, Wednesday night 7/14/1999
(tonight) the Athena patch release 8.2.20 will be deployed for Solaris
(8.2.20 will not exist for IRIX). Mail will be sent this afternoon
with a definate time for the patch release. This release only
introduces one change:
* The cmsd service will be turned off in /etc/inet/inetd.conf.
The reason for this release and the reason that it is being put out
with short notice is that a remotely accessable root exploit has been
discovered in the cmsd service. This bug does not does not exist in
IRIX which is why there is no 8.2.20 release for the SGIs.
If you are not prepared to take this patch release when it is
released, it is strongly suggested that you comment out the cmsd
service by hand. If you take the 8.2.20 release, the following is
unnecessary. To do this:
1) as root edit /etc/inet/inetd.conf, and find the following line:
100068/2-4 dgram rpc/udp wait root /usr/openwin/bin/rpc.cmsd rpc.cmsd
and add a '#' at the beginning of it, yielding:
#100068/2-4 dgram rpc/udp wait root /usr/openwin/bin/rpc.cmsd rpc.cmsd
and save the file
2) sent the native solaris inetd (athena machines also run an athena
inetd) a HUP signal. One possible command (as root) that will do this is:
ps -ef | grep /usr/sbin/inetd | grep -v grep | awk '{print $2}' | xargs kill -1
Questions and comments should go to release-team@mit.edu.
