SUN MICROSYSTEMS SECURITY BULLETIN: #00113

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the ~ftp/sun-dist directory; in Europe, ftp to
mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.

Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.

Please refer to the information below for additional information.
---------------------------------------------------------------------------

Sun Bug ID  : 1074961
Synopsis    : SunOS 4.0.3/4.1/4.1.1 rdist (remote file distribution)
              program can be used to create a setuid root shell.
Sun Patch ID: 100383-03
Checksum of compressed tarfile 100383-03.tar.Z on ftp.uu.net = 50273 163

Please note that this patch fixes a new problem discovered in rdist. If
you use the rdist program, Sun advises that you apply this patch to your
SunOS 4.1 or 4.1.1 systems by replacing your /usr/ucb/rdist binary with
the one provided in the patch. Please refer to the README file in the
patch for more information.

If you are not using rdist, Sun recommends that you change the
permissions of /usr/ucb/rdist to 0100.

Kenneth L. Pon
Sun Microsystems, Inc.
Software Security Coordinator
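
The two checks the bulletin calls for, as an added example that is not part of Sun's bulletin: comparing a downloaded tarball against the published checksum, and reporting whether an rdist binary is at the recommended mode 0100 or still setuid. It assumes the published value is in BSD sum(1) format (16-bit checksum, then 1K block count) and that the local sum defaults to that algorithm, as GNU coreutils does; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Sun bulletin. Function names are hypothetical.

# Checksum line published in the bulletin for 100383-03.tar.Z.
BULLETIN_SUM="50273 163"

# Print "<checksum> <1K-blocks>" for a file, with leading zeros and padding
# stripped. Assumption: the local sum(1) defaults to the BSD algorithm
# (GNU coreutils and the BSDs do; System V style sum needs -r).
bsd_sum() {
    # Reading from stdin keeps the file name out of the output.
    sum < "$1" | awk '{ printf "%d %d\n", $1, $2 }'
}

# Succeed only if the file's sum equals the expected "<checksum> <blocks>".
verify_patch() {
    [ "$(bsd_sum "$1")" = "$2" ]
}

# Classify the permissions of an rdist binary:
#   locked  mode 0100, the bulletin's advice when rdist is not used
#   setuid  setuid bit present, so this must be the patched binary
#   other   anything else
rdist_status() {
    # The first 10 characters of ls -ld are the file type and mode bits.
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        ---x------) echo "locked" ;;
        ???[sS]*)   echo "setuid" ;;
        *)          echo "other" ;;
    esac
}

# Typical use on the affected host:
#   verify_patch 100383-03.tar.Z "$BULLETIN_SUM" && echo "tarball matches bulletin"
#   rdist_status /usr/ucb/rdist
```

A "setuid" result says only that the setuid bit is present; whether the binary is the patched one still has to be confirmed against the patch contents and its README.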