81 lines
3.0 KiB
Plaintext
81 lines
3.0 KiB
Plaintext
|
|
||
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
||
|
|
|
||
|
|
===========================================================================
|
||
|
|
CA-91:12 CERT Advisory
|
||
|
|
August 22, 1991
|
||
|
|
Trusted Hosts Configuration Vulnerability
|
||
|
|
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
|
||
|
|
received information concerning a vulnerability in the configuration
|
||
|
|
of several system files. This advisory discusses a workaround since
|
||
|
|
there are no permanent patches available at this time.
|
||
|
|
|
||
|
|
This vulnerability is present in a very large number of UNIX-based
|
||
|
|
operating systems. Therefore, we recommend that ALL sites take the
|
||
|
|
corrective actions listed below.
|
||
|
|
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
I. DESCRIPTION:
|
||
|
|
|
||
|
|
The presence of a '-' as the first character in /etc/hosts.equiv,
|
||
|
|
/etc/hosts.lpd and .rhosts files may allow unauthorized access
|
||
|
|
to the system.
|
||
|
|
|
||
|
|
II. IMPACT:
|
||
|
|
|
||
|
|
Remote users can gain unauthorized root access to the system.
|
||
|
|
|
||
|
|
III. SOLUTION:
|
||
|
|
|
||
|
|
Rearrange the order of entries in the hosts.equiv, hosts.lpd,
|
||
|
|
and .rhosts files so that the first line does not contain
|
||
|
|
a leading '-' character.
|
||
|
|
|
||
|
|
Remove hosts.equiv, hosts.lpd, and .rhosts files containing only
|
||
|
|
entries beginning with a '-' character.
|
||
|
|
|
||
|
|
.rhosts files in ALL accounts, including root, bin, sys, news, etc.,
|
||
|
|
should be examined and modified as required. .rhosts files that
|
||
|
|
are not needed should be removed.
|
||
|
|
|
||
|
|
Please note that the CERT/CC strongly cautions sites about the
|
||
|
|
use of hosts.equiv and .rhosts files. We suggest that they NOT
|
||
|
|
be used unless absolutely necessary.
|
||
|
|
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
The CERT/CC wishes to thank Alan Marcum, NeXT Computer, for bringing
|
||
|
|
this security vulnerability to our attention. We would also like to
|
||
|
|
thank CIAC for their assistance in testing this vulnerability.
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
If you believe that your system has been compromised, contact CERT/CC via
|
||
|
|
telephone or e-mail.
|
||
|
|
|
||
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
||
|
|
Software Engineering Institute
|
||
|
|
Carnegie Mellon University
|
||
|
|
Pittsburgh, PA 15213-3890
|
||
|
|
|
||
|
|
Internet E-mail: cert@cert.org
|
||
|
|
Telephone: 412-268-7090 24-hour hotline:
|
||
|
|
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
|
||
|
|
on call for emergencies during other hours.
|
||
|
|
|
||
|
|
Past advisories and other computer security related information are available
|
||
|
|
for anonymous ftp from the cert.org (192.88.209.5) system.
|
||
|
|
|
||
|
|
-----BEGIN PGP SIGNATURE-----
|
||
|
|
Version: 2.6.2
|
||
|
|
|
||
|
|
iQCVAwUBMaMwuXVP+x0t4w7BAQFLHAP+PZklqv0V4MAiQfEM4iSIjr52v+HHn4XQ
|
||
|
|
90dtx5pMRvMLeXunYlaWiBoD6W7IfIHFtkuWS1LMpSuwDcPavb3CJHOKu1U/mu0A
|
||
|
|
8S1ipHm9ZvLEnE1rsKqRTjDXHsbq50pdCLJKuzCa5bk0NAWglXsSLldkDAkebsnT
|
||
|
|
3ouhkUVyhhI=
|
||
|
|
=dts/
|
||
|
|
-----END PGP SIGNATURE-----
|
||
|
|
|