COMMAND

    ftpd/rlogind

SYSTEMS AFFECTED

    SunOS 5.5.1,  5.5.1_x86, 5.5,  5.5_x86, 5.4,  5.4_x86, 5.3, 4.1.4,
    and 4.1.3_U1

PROBLEM

    The daemon in.ftpd is the Internet File Transfer Protocol (FTP)
    server process and the daemon in.rlogind is the rlogin server
    process. This vulnerability, if exploited, allows an unprivileged
    user to connect from an ftp server's data port to an rlogin server
    on a host that trusts the host on which the ftp server resides. If
    exploited, attackers may execute arbitrary commands on the
    attacked host.

SOLUTION

    The vulnerability is fixed in  Solaris 2.6.  The vulnerability  in
    ftpd/rlogind is fixed by the following patches:

    OS version          Patch ID
    __________          ________
    SunOS 5.5.1         103603-05
                        104935-01
    SunOS 5.5.1_x86     103604-05
                        104936-01
    SunOS 5.5           103577-06
                        104933-01
    SunOS 5.5_x86       103578-06
                        104934-01
    SunOS 5.4           101945-51
    SunOS 5.4_x86       101946-45
    SunOS 5.3           104938-01
    SunOS 4.1.4         104477-03
    SunOS 4.1.3_U1      104454-03
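
    Added example (not part of the original advisory and not a Sun tool): a POSIX shell check that compares a host's patch listing with the SunOS 5.x rows of the table above. It assumes listing lines of the form `Patch: <id> ...` as printed by `showrev -p` on Solaris 2.x, that both patches are required where the table lists two, and that a higher revision of the same patch base satisfies the requirement; all function names are hypothetical.

```shell
# Added example: patch levels copied from the advisory's table (SunOS 5.x rows).
required_patches() {
    case "$1" in
        5.5.1)     echo "103603-05 104935-01" ;;
        5.5.1_x86) echo "103604-05 104936-01" ;;
        5.5)       echo "103577-06 104933-01" ;;
        5.5_x86)   echo "103578-06 104934-01" ;;
        5.4)       echo "101945-51" ;;
        5.4_x86)   echo "101946-45" ;;
        5.3)       echo "104938-01" ;;
        *)         return 1 ;;
    esac
}

# Print the highest installed revision of patch base $1 found in the
# "Patch: <base>-<rev> ..." lines on stdin; print nothing if it is absent.
installed_rev() {
    awk -v base="$1" '$1 == "Patch:" {
        split($2, p, "-")
        if (p[1] == base && (!found || p[2] + 0 > max)) { max = p[2] + 0; found = 1 }
    } END { if (found) print max }'
}

# Read a patch listing on stdin; print each required patch for OS $1 that is
# absent or below the required revision. Returns 0 none, 1 some, 2 unknown OS.
missing_patches() {
    req=$(required_patches "$1") || { echo "no table entry for $1" >&2; return 2; }
    list=$(cat)
    status=0
    for id in $req; do
        base=${id%-*}; want=${id#*-}
        have=$(printf '%s\n' "$list" | installed_rev "$base")
        if [ -z "$have" ] || [ "$have" -lt "${want#0}" ]; then
            echo "$id"; status=1
        fi
    done
    return "$status"
}

# Constructed listing (not from a real host; PKGNAME and 999999 are placeholders).
sample_listing() {
    cat <<'EOF'
Patch: 103603-03 Obsoletes:  Packages: PKGNAME
Patch: 104935-01 Obsoletes:  Packages: PKGNAME
Patch: 999999-02 Obsoletes:  Packages: PKGNAME
EOF
}
# Demo: 103603 is present only at revision 03, so 103603-05 is reported.
sample_listing | missing_patches 5.5.1 || echo "patches above are still needed"
```

    On a real host the listing would come from `showrev -p | missing_patches 5.5.1`; the check does not follow Obsoletes relationships between different patch IDs, and the SunOS 4.1.x rows are left out.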