88 lines
3.3 KiB
Plaintext
88 lines
3.3 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
===========================================================================
|
|
CA-91:14 CERT Advisory
|
|
August 26, 1991
|
|
SGI "IRIX" /usr/sbin/fmt Vulnerability
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
|
|
received information concerning a vulnerability of mail messages in Silicon
|
|
Graphics Computer Systems' IRIX versions prior to 4.0 (this includes all
|
|
3.2 and 3.3.* versions). This problem has been fixed in version 4.0.
|
|
|
|
Information regarding the exploitation of this vulnerability is inherently
|
|
disclosed by any discussion of the problem (including this Advisory) so
|
|
we recommend taking immediate action. Until you are able to apply the patch,
|
|
mail at your site is vulnerable to being read by any ordinary user logged
|
|
in at that site.
|
|
|
|
Silicon Graphics has provided the enclosed patch instructions.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
I. DESCRIPTION:
|
|
|
|
A vulnerability exists such that IRIX pre-4.0 (e.g., 3.3.3) systems
|
|
with the basic system software ("eoe1.sw.unix") installed can allow
|
|
unauthorized read access to users' mail messages, by exploiting a
|
|
configuration error in a standard system utility. Due to the ease
|
|
of exploiting this vulnerability and the simplicity of the corrective
|
|
action, the CERT/CC urges all sites to install the patch given below.
|
|
|
|
II. IMPACT:
|
|
|
|
Anyone who can log in on a given IRIX pre-4.0 (3.2, 3.3, 3.3.*) system
|
|
can read mail messages which have been delivered to any other user on
|
|
that same system.
|
|
|
|
III. SOLUTION:
|
|
|
|
As "root", execute the following commands:
|
|
|
|
chmod 755 /usr/sbin/fmt
|
|
chown root.sys /usr/sbin/fmt
|
|
|
|
If system software should ever be reloaded from a 3.2 or 3.3.*
|
|
installation tape or from a backup tape created before the patch
|
|
was applied, repeat the above procedure immediately after the software
|
|
has been reloaded, before enabling logins by normal users.
|
|
|
|
[Fixed in IRIX 4.0.]
|
|
|
|
|
|
- ---------------------------------------------------------------------------
|
|
The CERT/CC would like to thank Silicon Graphics for bringing this
|
|
vulnerability and solution to our attention.
|
|
- ---------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact CERT/CC via
|
|
telephone or e-mail.
|
|
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 24-hour hotline:
|
|
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
|
|
on call for emergencies during other hours.
|
|
|
|
Past advisories and other computer security related information are available
|
|
for anonymous ftp from the cert.org (192.88.209.5) system.
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMwv3VP+x0t4w7BAQGcMAQAqqS6GkJCvU6raANhmIWk4P4yYUHVT9nH
|
|
LCKMUQQCDS6GC52kADRI1346yx0DnvWM4kysn9DHWfUkM3dllYpTOguhqRreN/y9
|
|
OwL9z928gWQrfOvE24Ldf+HKgdP4tQCjK3DCr990quw4Rp9iNgiexhEMzOSmCueC
|
|
4n3VjVPSZ/U=
|
|
=YkZm
|
|
-----END PGP SIGNATURE-----
|
|
|