Rapid7 Vulnerability & Exploit Database

Sun Patch: Solstice AdminSuite 3.0.1: NIS + compat passwd autohome rights fix

Back to Search

Sun Patch: Solstice AdminSuite 3.0.1: NIS + compat passwd autohome rights fix



From Sun Patch 109413-10

Sun has released a security patch addressing the following issues:

4756006 3.0.1 adminsuite can't manage nis domain from virtual interface as root
(from 109413-09)
4517531 User's rights change with AdminSuite 3.0.1 doesn't work properly
(from 109413-08)
4518356 Adminsuite 3.0.1 reverses NIS+ host table information (name/cname)
(from 109413-07)
4470402 Added rights cannot be removed (AdminSuite 3.0.1, Solaris 8 1/01, 4/01)
(from 109413-06)
4431256 change user's password and the the shell change
(from 109413-05)
4428879 adminsuite 3.0 and 3.0.1 will not allow users home directory to be created
4432176 AdminSuite 3.0.1 problems with NIS+ passwd entries
(from 109413-04)
4410452 Current patches for Adminsuite 3.0 and 3.0.1 don't restart the server on install
(from 109413-03)
4318890 possible problem with  passwd min/max varibles in correct field
(from 109413-02)
4372914 AdminSuite 3/NIS+: change shell or GECOS fields mangles entry in passwd.org_dir
4341813 AdminSuite 3.0 sets wrong homedirectory using usrmgr in NIS-Environment
(from 109413-01)
4305942 admsvr3_0 fails to start with 'compat' in nsswitch.conf
	This patch fixes the admsvr3_0 start failures, but when the
	compat option is used in /etc/nsswitch.conf, a subset of the
	complete functionality of the normal compat option will be used
	when searching for user authorizations.
	A table of authorization search orders based on the configuration
	of /etc/nsswitch.conf and /etc/passwd follows:
	/etc/passwd ends in +   passwd_compat:        search order
	yes                     none                  files nis
	yes                     nis                   files nis
	yes                     nisplus               files nisplus
	no                      any                   files
	For example, if the compat option is used, and the /etc/passwd
	file ends with a +, and there is no passwd_compat target in the
	nsswitch.conf, then the search order for authorizations will be
	first all of /etc/passwd, then all of the NIS passwd map.
	Other special compat mode syntax, such as +-user or +-netgroup,
	is NOT supported.  In order to eliminate any confusion in assigning
	authorizations, it is highly recommended that all administrative
	users not be users who go through any of the unsupported compat
	switch syntax when logging in.


  • sunpatch-solaris-109413

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center