104 lines
3.7 KiB
Plaintext
104 lines
3.7 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
|
|
CA-91:07 CERT Advisory
|
|
May 20, 1991
|
|
SunOS Source Tape Installation Vulnerability
|
|
|
|
- -------------------------------------------------------------------------
|
|
|
|
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
|
|
received the following information from Sun Microsystems, Inc. (Sun).
|
|
Sun has given the CERT/CC permission to distribute their Security
|
|
Bulletin. It contains information regarding a fix for a vulnerability
|
|
in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1.
|
|
|
|
The following Sun Microsystems Security Bulletin only applies to systems
|
|
that have installed the Sun Source tapes.
|
|
|
|
For more information, please contact Sun Microsystems at 1-800-USA-4SUN.
|
|
|
|
- -------------------------------------------------------------------------
|
|
|
|
SUN MICROSYSTEMS SECURITY BULLETIN:
|
|
#00107
|
|
|
|
This information is only to be used for the purpose of alerting
|
|
customers to problems. Any other use or re-broadcast of this
|
|
information without the express written consent of Sun Microsystems
|
|
shall be prohibited.
|
|
|
|
Sun expressly disclaims all liability for any misuse of this information
|
|
by any third party.
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Bug ID : 1059621
|
|
Synopsis : security hole created by installing sunsrc
|
|
Sun Patch ID: Not applicable see fix below.
|
|
|
|
This applies to sites that have installed Sun Source tapes only.
|
|
|
|
The Sun distribution of sources (sunsrc) has an installation
|
|
procedure which creates the directory /usr/release/bin and
|
|
installs two setuid root files in it: makeinstall and winstall.
|
|
These are both binary files which exec other programs: "make -k install"
|
|
(makeinstall) or "install" (winstall).
|
|
|
|
This makes it possible for users on that system to become root.
|
|
|
|
The solution:
|
|
chmod ug-s /usr/release/bin/{makeinstall, winstall}
|
|
(if the sources have already been installed)
|
|
and/or
|
|
edit the makefile in sunsrc/release and change the SETUID definition
|
|
(if the sources have been extracted from tape but not installed yet)
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Special thanks to CERT and Tel-Aviv University for reporting this
|
|
problem.
|
|
|
|
Brad Powell
|
|
Sun Microsystems
|
|
Software Security Coordinator.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
The CERT/CC would like to thank Sun Microsystems, Inc. for their response
|
|
to this vulnerability. We would also like to thank Ariel Cohen from
|
|
Tel-Aviv University, School of Mathematical Sciences for reporting the
|
|
problem.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact CERT/CC
|
|
via telephone or e-mail.
|
|
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 24-hour hotline:
|
|
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
|
|
on call for emergencies during other hours.
|
|
|
|
Past advisories and other computer security related information are
|
|
available for anonymous ftp from the cert.org (192.88.209.5)
|
|
system.
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMwqnVP+x0t4w7BAQGepgP6A8tusMmhH4xU6QMrxDfGo97XP4cYyGju
|
|
1w4Rd+6eX0keE+yuGdtfz6BsSXRdQJpG76U+XHp1W/vDn+4Uht+vT1eDCHM12ZRQ
|
|
MXzLkQKtjHw6P8W3zNuXUB9DyKoUNxAx7oLhrGptIYXsLEs5KSIXhioARZjWFzO1
|
|
2jR6g/cYF7U=
|
|
=0eUg
|
|
-----END PGP SIGNATURE-----
|
|
|