85 lines
3.2 KiB
Plaintext
85 lines
3.2 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
=============================================================================
|
|
CA-93:19 CERT Advisory
|
|
December 16, 1993
|
|
Solaris System Startup Vulnerability
|
|
- -----------------------------------------------------------------------------
|
|
|
|
The CERT Coordination Center has received information concerning a
|
|
vulnerability in the system startup scripts on Solaris 2.x and Solaris x86
|
|
systems. The changes described below will be integrated into the upcoming
|
|
Solaris release.
|
|
|
|
- -----------------------------------------------------------------------------
|
|
|
|
I. Description
|
|
|
|
If fsck(8) fails during system boot, a privileged shell is run
|
|
on the system console. This behavior can represent a security
|
|
vulnerability if users, who would normally not have root access,
|
|
have physical access to the console at boot time. An attacker
|
|
can force the failure to occur.
|
|
|
|
II. Impact
|
|
|
|
This vulnerability allows anyone with physical access to the
|
|
system console to gain root access.
|
|
|
|
III. Solution
|
|
|
|
A simple change to each of two system scripts can be used to
|
|
close this potential security hole. The new behavior will cause the
|
|
system to run the privileged shell only if the user at the console
|
|
enters the correct root password.
|
|
|
|
If you wish to make the change on your own systems, edit both
|
|
/sbin/rcS and /sbin/mountall, changing every occurrence of:
|
|
|
|
/sbin/sh < /dev/console
|
|
to:
|
|
/sbin/sulogin < /dev/console
|
|
|
|
As distributed by Sun, /sbin/rcS contains one occurrence of this
|
|
string, at line 152; and /sbin/mountall contains two, one at line
|
|
66 and one at line 250.
|
|
|
|
Once these changes are made, sulogin will request the root
|
|
password in the event fsck(8) fails, before starting a privileged shell.
|
|
The success or failure of sulogin will be logged in /var/adm/sulog.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
The CERT Coordination Center wishes to thank Sun Microsystems, Inc.
|
|
for their support in responding to this problem.
|
|
- ---------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact the CERT
|
|
Coordination Center or your representative in Forum of Incident
|
|
Response and Security Teams (FIRST).
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 (24-hour hotline)
|
|
CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
|
|
and are on call for emergencies during other hours.
|
|
|
|
CERT Coordination Center
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Past advisories, information about FIRST representatives, and other
|
|
information related to computer security are available for anonymous
|
|
FTP from info.cert.org.
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMxXXVP+x0t4w7BAQEAOwP/ezBsUR1i5pEyxNbYs7oelEPngekQ8NwD
|
|
wXEzw2dt1QHNDqRUVf7JoK/2riR95k6/RRAEE6Adqki7GBJYZ2hDJP+mgoRdaQCC
|
|
eFjLtVsJ/PqS/AN3Hq94yEWYAlOPX+avTuVqqug519gpcSrg07nFfr5lF6tXQK6x
|
|
qj+UUg8Ql08=
|
|
=s7c3
|
|
-----END PGP SIGNATURE-----
|
|
|