100 lines
3.4 KiB
Plaintext
100 lines
3.4 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
CA-91:06 CERT Advisory
|
|
May 14, 1991
|
|
NeXT rexd, /private/etc, Username me Vulnerabilities
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
The Computer Emergency Response Team/Coordination Center (CERT/CC) and
|
|
NeXT Computer, Inc. have received information concerning three
|
|
vulnerabilities in NeXT computers running various releases (see below)
|
|
of NeXTstep software. For more information, please contact your
|
|
authorized support center. If you are an authorized support provider,
|
|
please contact NeXT through your normal channels.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
|
|
Problem 1 DESCRIPTION: By default, rexd(8C) is enabled in NeXTstep
|
|
versions 2.0 and 2.1. (Note that no NeXT software uses rexd.)
|
|
|
|
Problem 1 IMPACT: Leaving rexd enabled allows remote users to execute
|
|
processes on a NeXT computer.
|
|
|
|
Problem 1 SOLUTION: Comment out or remove the rexd line in
|
|
/etc/inetd.conf (unless you're using the remote execution facility),
|
|
and either restart the computer or cause inetd to re-read it's
|
|
configuration file, using:
|
|
|
|
kill -HUP <inetd pid>
|
|
|
|
|
|
|
|
Problem 2 DESCRIPTION: The /private/etc directory is shipped with
|
|
group write permission enabled in all NeXTstep versions through and
|
|
including 2.1.
|
|
|
|
Problem 2 IMPACT: Group write permission in /private/etc enables any
|
|
user in the "wheel" group to modify files in the /private/etc
|
|
directory.
|
|
|
|
Problem 2 SOLUTION: Turn off group write permission for the
|
|
/private/etc directory, using the command:
|
|
|
|
chmod g-w /private/etc
|
|
|
|
or the equivalent operations from the Workspace Manager's Inspector
|
|
panel.
|
|
|
|
|
|
|
|
Problem 3 DESCRIPTION: Username "me" is a member of the "wheel" group
|
|
in all NeXTstep versions through and including 2.1.
|
|
|
|
Problem 3 IMPACT: Having username "me" in the "wheel" group enables
|
|
"me" to use the su(8) command to become root (the user must still know
|
|
the root password, however).
|
|
|
|
Problem 3 SOLUTION: Unless you have specific reason(s) not to, remove
|
|
the user "me" from the wheel group.
|
|
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
The CERT/CC would like to thank NeXT Computer, Inc. for their response
|
|
to this vulnerability. CERT/CC would also like to thank Fuat Baran
|
|
for his technical assistance.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact CERT/CC
|
|
via telephone or e-mail.
|
|
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 24-hour hotline:
|
|
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
|
|
on call for emergencies during other hours.
|
|
|
|
Past advisories and other computer security related information are
|
|
available for anonymous ftp from the cert.org (192.88.209.5)
|
|
system.
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMwp3VP+x0t4w7BAQG4GAQAkkfZONZKSSaIGE4HdLwPq0wm32Fi69a9
|
|
ejjJSosmLiMQb4SP4TRNnioI/2n0piiUV6qnmKJqvHrh2pDmygIUcH8kyompZFx5
|
|
hF35k1wnU/uvYnWoIsE5aMaLxMsuLEHRC8wHnRdBNTsfjrzccg6/J4JrDCP1mYWj
|
|
xniyITSIJV8=
|
|
=Y6uP
|
|
-----END PGP SIGNATURE-----
|
|
|