214 lines
9.3 KiB
Plaintext
214 lines
9.3 KiB
Plaintext
|
|
||
|
|
|
||
|
|
|
||
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
||
|
|
/* *\
|
||
|
|
/ * * \
|
||
|
|
/ * * \
|
||
|
|
/ * * \
|
||
|
|
/ * System Vulnerabilities * \
|
||
|
|
| * * |
|
||
|
|
| * * |
|
||
|
|
| * * |
|
||
|
|
| * Another Modernz Presentation * |
|
||
|
|
| * * |
|
||
|
|
\ * by * /
|
||
|
|
\ * Multiphage * /
|
||
|
|
\ * * /
|
||
|
|
\ * written on 12-15-92 * /
|
||
|
|
\ * */
|
||
|
|
*******************************************************************************
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
||
|
|
*******************************************************************************
|
||
|
|
The Modernz can be contacted at:
|
||
|
|
|
||
|
|
MATRIX BBS
|
||
|
|
WOK-NOW!
|
||
|
|
World of Kaos NOW!
|
||
|
|
World of Knowledge NOW!
|
||
|
|
St. Dismis Institute
|
||
|
|
- Sysops: Wintermute
|
||
|
|
Digital-demon
|
||
|
|
(908) 905-6691
|
||
|
|
(908) WOK-NOW!
|
||
|
|
(908) 458-xxxx
|
||
|
|
1200/2400/4800/9600
|
||
|
|
14400/19200/38400
|
||
|
|
Home of Modernz Text Philez
|
||
|
|
|
||
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
|
||
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
||
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
||
|
|
|
||
|
|
TANSTAAFL
|
||
|
|
Pheonix Modernz
|
||
|
|
The Church of Rodney
|
||
|
|
- Sysop: Tal Meta
|
||
|
|
(908) 830-TANJ
|
||
|
|
(908) 830-8265
|
||
|
|
Home of TANJ Text Philez
|
||
|
|
|
||
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
||
|
|
|
||
|
|
CyberChat
|
||
|
|
Sysop: Hegz
|
||
|
|
(908)506-6651
|
||
|
|
(908)506-7637
|
||
|
|
300/1200/2400/4800/9600
|
||
|
|
14400/19200/38400
|
||
|
|
Modernz Site
|
||
|
|
TLS HQ
|
||
|
|
|
||
|
|
<><><><><><><><><><><><><><<><<><><><><><><><><><><><><><><><><><><><><><><><><
|
||
|
|
|
||
|
|
The Last Outpost
|
||
|
|
PowerBBS Support Board
|
||
|
|
UASI ALPHA Division
|
||
|
|
NorthWestern PA UASI site!
|
||
|
|
(412) 662-0769 300/1200/2400
|
||
|
|
24 hours! SysOp: The Almighty Kilroy
|
||
|
|
|
||
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
|
||
|
|
|
||
|
|
BlitzKreig BBS
|
||
|
|
Home of TAP
|
||
|
|
(502)499-8933
|
||
|
|
|
||
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
===========================================================================
|
||
|
|
Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability
|
||
|
|
|
||
|
|
---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
Information concerning the availability of a revised security
|
||
|
|
patch for /usr/etc/rpc.mountd in Sun Microsystems Computer Corporation
|
||
|
|
operating systems.
|
||
|
|
|
||
|
|
Sun has provided patches for SunOS 4.1, SunOS 4.1_PSR_A, SunOS 4.1.1,
|
||
|
|
and SunOS 4.1.2. These patches are available through your local Sun
|
||
|
|
Answer Center as well as through anonymous ftp from ftp.uu.net (137.39.1.9)
|
||
|
|
in the /systems/sun/sun-dist directory.
|
||
|
|
|
||
|
|
Patch ID and file information are as follows:
|
||
|
|
|
||
|
|
Fix Patch ID Filename Checksum
|
||
|
|
/usr/etc/rpc.mountd 100296-02 100296-02.tar.Z 30606 23
|
||
|
|
|
||
|
|
|
||
|
|
---------------------------------------------------------------------------
|
||
|
|
I. Description
|
||
|
|
|
||
|
|
Under certain conditions an exported NFS filesystem can be
|
||
|
|
mounted by any system on the Internet even though it may appear
|
||
|
|
that access to the filesystem is restricted to specific hosts.
|
||
|
|
|
||
|
|
II. Impact
|
||
|
|
|
||
|
|
Unauthorized remote hosts will be able to mount the exported filesystem.
|
||
|
|
|
||
|
|
III. Solution
|
||
|
|
|
||
|
|
As root:
|
||
|
|
|
||
|
|
1. Move the existing rpc.mountd aside and change the permissions.
|
||
|
|
|
||
|
|
# mv /usr/etc/rpc.mountd /usr/etc/rpc.mountd.OLD
|
||
|
|
# chmod 400 /usr/etc/rpc.mountd.OLD
|
||
|
|
|
||
|
|
2. Install the new version
|
||
|
|
|
||
|
|
# cp `arch`/rpc.mountd /usr/etc
|
||
|
|
# chown root.staff /usr/etc/rpc.mountd
|
||
|
|
# chmod 755 /usr/etc/rpc.mountd
|
||
|
|
|
||
|
|
3. Kill the currently running rpc.mountd and restart it, or
|
||
|
|
reboot the system. In either case, systems with filesystems
|
||
|
|
mounted from this host will have interruptions in service.
|
||
|
|
|
||
|
|
---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
|
||
|
|
===========================================================================
|
||
|
|
SunOS NIS Vulnerability
|
||
|
|
---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
Information concerning several vulnerabilities with NIS under Sun
|
||
|
|
Microsystems, Inc. SunOS. These vulnerabilities exist in NIS under
|
||
|
|
SunOS 4.1, 4.1.1, and 4.1.2, and may or may not exist in earlier versions
|
||
|
|
of NIS.
|
||
|
|
|
||
|
|
Sun has provided fixes for SunOS 4.1, 4.1.1, and 4.1.2 for these
|
||
|
|
vulnerabilities. The patch file containing these fixes is available
|
||
|
|
through your local Sun Answer Center and through anonymous ftp from
|
||
|
|
ftp.uu.net (137.39.1.9) in the /systems/sun/sun-dist directory. Note
|
||
|
|
that these fixes will probably not be compatible with SunOS 4.0.3 and
|
||
|
|
earlier versions of the operating system.
|
||
|
|
|
||
|
|
Fix PatchID Filename Checksum
|
||
|
|
/usr/etc/{ypserv,ypxfrd,portmap} 100482-2 100482-02.tar.Z 53416 284
|
||
|
|
|
||
|
|
Please note that Sun will occasionally update patch files. If you
|
||
|
|
find that the checksum is different, please contact Sun or the CERT/CC
|
||
|
|
for verification.
|
||
|
|
|
||
|
|
---------------------------------------------------------------------------
|
||
|
|
|
||
|
|
I. Description
|
||
|
|
|
||
|
|
A security vulnerability exists under NIS allowing unauthorized access
|
||
|
|
to NIS information.
|
||
|
|
|
||
|
|
II. Impact
|
||
|
|
|
||
|
|
A user on a remote host can obtain copies of the NIS maps from a
|
||
|
|
system running NIS. The remote user can attempt to guess passwords
|
||
|
|
for the system using the obtained NIS password map information.
|
||
|
|
|
||
|
|
III. Solution
|
||
|
|
|
||
|
|
A. Obtain and install the patch from Sun or from ftp.uu.net following
|
||
|
|
the instructions provided in the "README" file.
|
||
|
|
|
||
|
|
1. As root, rename the existing versions of
|
||
|
|
/usr/etc/{ypserv,ypxfrd,portmap} and modify the
|
||
|
|
permissions to prevent misuse.
|
||
|
|
|
||
|
|
# mv /usr/etc/ypserv /usr/etc/ypserv.orig
|
||
|
|
# mv /usr/etc/ypxfrd /usr/etc/ypxfrd.orig
|
||
|
|
# mv /usr/etc/portmap /usr/etc/portmap.orig
|
||
|
|
# chmod 0400 /usr/etc/ypserv.orig
|
||
|
|
# chmod 0400 /usr/etc/ypxfrd.orig
|
||
|
|
# chmod 0400 /usr/etc/portmap.orig
|
||
|
|
|
||
|
|
2. Copy the new binaries into the /usr/etc directory.
|
||
|
|
|
||
|
|
# cp `arch`/{4.1, 4.1.1, 4.1.2}/ypserv /usr/etc/ypserv
|
||
|
|
# cp `arch`/{4.1, 4.1.1, 4.1.2}/ypxfrd /usr/etc/ypxfrd
|
||
|
|
# cp `arch`/{4.1, 4.1.1, 4.1.2}/portmap /usr/etc/portmap
|
||
|
|
# chown root /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap
|
||
|
|
# chmod 755 /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap
|
||
|
|
|
||
|
|
3. Copy the securenets file to the /var/yp directory. Any
|
||
|
|
site that has an existing /var/yp/securenets file should
|
||
|
|
rename it prior copying the new version of the file.
|
||
|
|
|
||
|
|
# cp `arch`/{4.1, 4.1.1, 4.1.2}/securenets /var/yp
|
||
|
|
# chown root /var/yp/securenets
|
||
|
|
# chmod 644 /var/yp/securenets
|
||
|
|
|
||
|
|
4. Edit the /var/yp/securenets file to reflect the correct
|
||
|
|
configuration for your site. See the "README" file for
|
||
|
|
details of the file syntax and special instructions for
|
||
|
|
hosts with multiple Ethernet interfaces. The file should
|
||
|
|
not contain any blank lines.
|
||
|
|
|
||
|
|
5. Reboot the system to invoke the new binaries.
|
||
|
|
|