-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CA-93:13                         CERT Advisory
                               September 17, 1993
                        SCO Home Directory Vulnerability
- -----------------------------------------------------------------------------

The CERT Coordination Center has received information indicating that SCO
Operating Systems may be vulnerable to a potential compromise of system
security. This vulnerability allows unauthorized access to the "dos" and
"asg" accounts, and, as a result of this access, unauthorized access to
the "root" account may also occur.

The following releases of SCO products are affected by this vulnerability:

    SCO UNIX System V/386 Release 3.2 Operating System
    SCO UNIX System V/386 Release 3.2 Operating System Version 2.0
    SCO UNIX System V/386 Release 3.2 Operating System version 4.x
    SCO UNIX System V/386 Release 3.2 Operating System Version 4.0 with
        Maintenance Supplement Version 4.1 and/or Version 4.2
    SCO Network Bundle Release 4.x
    SCO Open Desktop Release 1.x
    SCO Open Desktop Release 2.0
    SCO Open Desktop Lite Release 3.0
    SCO Open Desktop Release 3.0
    SCO Open Server Network System Release 3.0
    SCO Open Server Enterprise System Release 3.0

CERT and The Santa Cruz Operation recommend that all sites using these SCO
products take action to eliminate the source of vulnerability from their
systems. This problem will be corrected in upcoming releases of SCO
operating systems.

- -----------------------------------------------------------------------------

I. Description

The home directories of the users "dos" and "asg" are /tmp and
/usr/tmp respectively. These directories are designed to have
global write permission.

II. Impact

This vulnerability may allow unauthorized users to gain access to
these accounts. This vulnerability may also corrupt certain binaries
in the system and thus prevent regular users from running them, as well
as introduce a potential for unauthorized root access.

III. Solution

All affected sites should follow these instructions:

1. Log onto the system as "root"
2. Choose the following sequence of menu selections from
   the System Administration Shell, which is invoked by
   typing "sysadmsh"

   a. Accounts-->User-->Examine-->
      [select the "dos" account] -->Identity
      -->Home directory-->Create-->Path-->
      [change it to /usr/dos instead of /tmp]--> confirm

   b. Accounts-->User-->Examine-->
      [select the "asg" account] -->Identity
      -->Home directory-->Create-->Path-->
      [change it to /usr/asg instead of /usr/tmp]--> confirm

3. If DOS binaries have been modified, or sites are unable to
   determine if modification has occurred, we strongly recommend
   removing and reinstalling the DOS package of the Operating System
   Extended Utilities. This can be done using custom(ADM).

Sites may also want to check their systems for signs of further
compromise. This can be facilitated through the use of programs
such as COPS. Other security advice and suggestions can be found
in CERT's security checklist. This checklist may be obtained
through anonymous FTP from cert.org in pub/tech_tips/security_info.

Note: COPS may be obtained from many sites, including via
anonymous FTP from cert.org in the pub/tools directory.

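The check below is an added example, not part of the CERT advisory or of
any SCO tool. It reads a passwd-format file and reports every account whose
home directory is world-writable, which is the condition described above for
"dos" (/tmp) and "asg" (/usr/tmp), so it can confirm the change made in step 2.
The function names, the ROOT argument and the sample passwd entries are
assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_homes PASSWD_FILE [ROOT]
# Print "user:home" for every account whose home directory is world-writable
# (the condition described for "dos" and "asg"); return 1 if any were found.
# ROOT is an assumption of this example: a prefix prepended to each home path
# so the check can run against a constructed tree instead of the live system.
audit_homes() {
    found=0
    while IFS=: read -r user _pw _uid _gid _gecos home _shell || [ -n "$user" ]; do
        case $user in ''|\#*) continue ;; esac
        dir=${2:-}$home
        { [ -n "$home" ] && [ -d "$dir" ]; } || continue
        # -H resolves a symlinked home; -prune stops find descending;
        # -perm -0002 matches when the "other" write bit is set.
        if [ -n "$(find -H "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
            printf '%s:%s\n' "$user" "$home"
            found=1
        fi
    done < "$1"
    return "$found"
}

# make_sample DIR: constructed data mirroring the advisory. passwd.before has
# the shipped homes (/tmp, /usr/tmp); passwd.after has the corrected ones.
make_sample() {
    mkdir -p "$1/tmp" "$1/usr/tmp" "$1/usr/dos" "$1/usr/asg" "$1/root"
    chmod 1777 "$1/tmp" "$1/usr/tmp"
    chmod 755 "$1/usr/dos" "$1/usr/asg" "$1/root"
    cat > "$1/passwd.before" <<'EOF'
root:x:0:0:Superuser:/root:/bin/sh
dos:x:16:11:constructed entry:/tmp:/bin/sh
asg:x:8:8:constructed entry:/usr/tmp:/bin/sh
EOF
    sed -e 's|:/tmp:|:/usr/dos:|' -e 's|:/usr/tmp:|:/usr/asg:|' \
        "$1/passwd.before" > "$1/passwd.after"
}

# Stand-alone use: "sh audit.sh /etc/passwd" audits the live system.
if [ $# -gt 0 ]; then audit_homes "$@"; fi
```

The non-zero return status on a finding lets the check be run from cron or
a post-install script and alert when any account home is world-writable.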
If you have further questions about this issue, please contact SCO Support
and ask for more information concerning this CERT advisory, CA-93:13, "SCO
Home Directory Vulnerability."

Electronic mail: support@sco.COM

USA/Canada: 6am-5pm Pacific Daylight Time (PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)

Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific Daylight Time (PDT)
------------------------------------------------
1-408-425-4726 (voice)
1-408-427-5443 (fax)

Europe, Middle East, Africa: 9am-5:30pm British Standard Time (BST)
----------------------------
+44 (0)923 816344 (voice)
+44 (0)923 817781 (fax)

- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Christopher Durham of the Santa
Cruz Operation for reporting this problem and his assistance in responding to
this problem.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
from cert.org (192.88.209.5).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMxQnVP+x0t4w7BAQEKjQQAr5ugUW3Oo9g612it1H8GxMv/UsTXQ/wP
vnfM+5PxpyWK//AOlgDsdRVuPU/8Jjz7IHel4Hue/EqC6q3gj0g6t2PqPOXrhCRT
48cZblmVBs752qS5XJeqfKgwGlQNZXW5QIPZB0qQe4zfoX4/qnXEZdAa4ZPWwPN9
nCUnmQbR5JI=
=eagU
-----END PGP SIGNATURE-----