105 lines
4.4 KiB
Plaintext
105 lines
4.4 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
|
|
|
|
CA-90:04 CERT Advisory
|
|
July 27, 1990
|
|
Apollo Domain/OS suid_exec Problem
|
|
- -----------------------------------------------------------------------------
|
|
|
|
The CERT/CC has received the following report of a vulnerability in the
|
|
Hewlett Packard/Apollo Domain/OS system. This information was provided to
|
|
the CERT/CC by the Apollo Systems Division of Hewlett Packard:
|
|
|
|
This message is to alert administrators of Domain/OS systems of a
|
|
serious security problem in all versions of Domain/OS Release sr10.2
|
|
and in Beta versions of sr10.3 earlier than bl67. This problem is
|
|
NOT present in sr10.1 or earlier versions of Domain/OS. This problem
|
|
can be referred to as APR number DE278, other APRs have been filed
|
|
against this problem.
|
|
|
|
There is a known flaw in the file /etc/suid_exec. This file should
|
|
be deleted IMMEDIATELY from the /etc directories on all HP/Apollo
|
|
nodes AND from all authorized areas on HP/Apollo networks from which
|
|
software can be installed.
|
|
|
|
The files that must be deleted are:
|
|
On each node:
|
|
//<node>/etc/suid_exec
|
|
|
|
In each Authorized Area:
|
|
|
|
<AA>/install/ri.apollo.os.v.10.2/sys5.3/etc/suid_exec
|
|
<AA>/install/ri.apollo.os.v.10.2/bsd4.3/etc/suid_exec
|
|
<AA>/install/ri.apollo.os.v.10.2.p/sys5.3/etc/suid_exec
|
|
<AA>/install/ri.apollo.os.v.10.2.p/bsd4.3/etc/suid_exec
|
|
|
|
|
|
You must be 'root' or 'locksmith' in order to delete these files.
|
|
|
|
The removal of these files will resolve the security vulnerability
|
|
immediately.
|
|
|
|
This procedure will require that the install tool should be run with the
|
|
-x option ( continue on error - see Installing Software with Apollo's
|
|
Release and Installation Tools, Apollo order number 008860-A00, chapter
|
|
4) for all subsequent installations until the replacement files have been
|
|
obtained. The absence of these files in the authorized areas will
|
|
generate an error message during the installation process, and, if the -x
|
|
option is not specified when invoking the installation tool, will
|
|
terminate the install.
|
|
|
|
This file is normally required by the Korn Shell to run set-id Korn Shell
|
|
scripts, but is a no-op on HP/Apollo systems since Domain/OS does NOT
|
|
support the execution of set-id shell scripts. Its purpose is to serve as
|
|
the 'agent' described in the manual page for the Korn Shell under
|
|
'Execution'. An error during compilation introduced the reported
|
|
vulnerability. The removal of this file will have no affect on the
|
|
functionality provided by HP/Apollo systems, but will affect the
|
|
installation procedure as mentioned in the previous paragraph.
|
|
|
|
HP/Apollo is creating an incremental software release that will replace
|
|
these files with the correctly compiled version of the suid_exec program.
|
|
This incremental release will be made available to software maintenance
|
|
customers shortly. Those users not on a HP/Apollo maintenance contract
|
|
should be able to order the replacement files as HP/Apollo part number
|
|
018669-A00, SR10.2 Incremental Software Release. Once installed, the
|
|
replacement files will permit normal installation of software. They will
|
|
NOT permit set-id shell scripts to be run on Domain/OS installations.
|
|
|
|
The repaired file will also be available as patch_m0170 on 68000-based
|
|
systems, and patch_p0136 on DN10000-based systems. These patches are
|
|
scheduled to be on the August patch tape. The problem has already been
|
|
addressed in the next release of Domain/OS.
|
|
|
|
For more information, please contact Hewlett Packard/Apollo Customer
|
|
Service.
|
|
|
|
Thanks to John G. Griffith of Hewlett Packard for this information.
|
|
- -----------------------------------------------------------------------------
|
|
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Internet: cert@cert.org
|
|
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
|
|
7:30a.m.-6:00p.m. EST, on call for
|
|
emergencies other hours.
|
|
|
|
Past advisories and other information are available for anonymous ftp
|
|
from cert.org (192.88.209.5).
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMwf3VP+x0t4w7BAQEhqgQA0j/rjwyTwYkZf3+5nWRay7gbBWlUyIT3
|
|
SVhWxZiH8UhZY7JLIPRvPU6HfMRs9TAc5XpMIq24kxUPGrodlPlatr4UwzN7d+Wn
|
|
ZH9TXjxZYhWH5YV2pauFwpUor5fmWJzv8j1+LMuRaoCuhvT7mkVfe9fOlo0UB6hB
|
|
DFH7VeWojx8=
|
|
=Z9Vj
|
|
-----END PGP SIGNATURE-----
|
|
|