82 lines
3.2 KiB
Plaintext
82 lines
3.2 KiB
Plaintext
|
|
||
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
||
|
|
|
||
|
|
===========================================================================
|
||
|
|
CA-91:17 CERT Advisory
|
||
|
|
September 26, 1991
|
||
|
|
DECnet-Internet Gateway Vulnerability
|
||
|
|
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
|
||
|
|
received information concerning a vulnerability in the configuration of
|
||
|
|
the DECnet-Internet gateway software for Digital Equipment Corporation's
|
||
|
|
(DEC) ULTRIX versions 4.0, 4.1, and 4.2 on all Digital architectures.
|
||
|
|
|
||
|
|
Digital Equipment Corporation is aware of this problem and a resolution
|
||
|
|
for this vulnerability will be included in a future release. Digital
|
||
|
|
and the CERT/CC strongly recommend that sites exposed to this vulnerability
|
||
|
|
immediately institute the workaround detailed in this advisory.
|
||
|
|
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
I. Description
|
||
|
|
|
||
|
|
When installing the DECnet-Internet gateway software it is necessary to
|
||
|
|
create a guest account on the ULTRIX gateway host. By default, this
|
||
|
|
account has /bin/csh as its shell. By virtue of the guest account
|
||
|
|
having a valid shell, the DECnet-Internet gateway software can be
|
||
|
|
exploited to allow unauthorized root access.
|
||
|
|
|
||
|
|
II. Impact
|
||
|
|
|
||
|
|
Anyone using the DECnet-Internet gateway can gain unauthorized
|
||
|
|
root privileges on the ULTRIX gateway host.
|
||
|
|
|
||
|
|
III. Solution
|
||
|
|
|
||
|
|
This section describes a workaround for this vulnerability.
|
||
|
|
|
||
|
|
Disable the guest account by editing the /etc/passwd file and setting
|
||
|
|
the shell field for the guest account to /bin/false. Also, ensure the
|
||
|
|
guest account has the string "NoLogin" in the password field as detailed
|
||
|
|
in the DECnet-Internet installation manual.
|
||
|
|
|
||
|
|
Even if you have not installed or are not running the DECnet-
|
||
|
|
Internet gateway software, Digital recommends that you implement the
|
||
|
|
workaround solution stated above.
|
||
|
|
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
The CERT/CC wishes to thank R. Scott Butler of the Du Pont Company for
|
||
|
|
bringing this vulnerability to our attention and for his further
|
||
|
|
assistance with the temporary workaround.
|
||
|
|
- ---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
If you believe that your system has been compromised, contact CERT/CC via
|
||
|
|
telephone or e-mail.
|
||
|
|
|
||
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
||
|
|
Software Engineering Institute
|
||
|
|
Carnegie Mellon University
|
||
|
|
Pittsburgh, PA 15213-3890
|
||
|
|
|
||
|
|
Internet E-mail: cert@cert.org
|
||
|
|
Telephone: 412-268-7090 24-hour hotline:
|
||
|
|
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST/EDT,
|
||
|
|
on call for emergencies during other hours.
|
||
|
|
|
||
|
|
Past advisories and other computer security related information are available
|
||
|
|
for anonymous ftp from the cert.org (192.88.209.5) system.
|
||
|
|
|
||
|
|
|
||
|
|
-----BEGIN PGP SIGNATURE-----
|
||
|
|
Version: 2.6.2
|
||
|
|
|
||
|
|
iQCVAwUBMaMwyHVP+x0t4w7BAQECSgP/bcDdezJ2PX/B8dR2TCWBWibmU/XhXQvt
|
||
|
|
kwGoZ7rPauXKKVM3JfjMq/dz8VEenHI/9EJV3rAtAn5msWG/NGUB+cB19yo8k8Go
|
||
|
|
8ZJWYApXlAR0bwNtrXiOsri3Cj3MaCXnBO0TIph1i8xMbEB2Dqp/19QAKEhQRGqK
|
||
|
|
YgQP9urhWC8=
|
||
|
|
=cVic
|
||
|
|
-----END PGP SIGNATURE-----
|
||
|
|
|