132 lines
5.6 KiB
Plaintext
132 lines
5.6 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
CA-93:02a CERT Advisory
|
|
January 21, 1993
|
|
REVISION NOTICE: New Patch for NeXT NetInfo "_writers" Vulnerabilities
|
|
|
|
- -----------------------------------------------------------------------------
|
|
|
|
*** THIS IS A REVISED CERT ADVISORY ***
|
|
*** IT CONTAINS NEW INFORMATION ***
|
|
|
|
The CERT Coordination Center has received updated information from NeXT
|
|
Computer, Inc. concerning vulnerabilities in the distributed printing
|
|
facility of NeXT computers running all releases of NeXTSTEP software
|
|
through NeXTSTEP Release 3.0. The online patch described in CERT
|
|
Advisory CA-93:02 has been replaced with a new patch. The size and
|
|
checksum information in this Advisory have been updated to reflect
|
|
the new online patch.
|
|
|
|
For more information, please contact your authorized support center. If you
|
|
are an authorized support provider, please contact NeXT through your normal
|
|
channels.
|
|
|
|
- -----------------------------------------------------------------------------
|
|
|
|
I. Description
|
|
|
|
The default NetInfo "_writers" properties are configured to allow
|
|
users to install printers and FAX modems and to export them to the
|
|
network without requiring assistance from the system administrator.
|
|
They also allow a user to configure other parts of the system, such as
|
|
monitor screens, without requiring help from the system administrator.
|
|
Vulnerabilities exist in this facility that could allow users to gain
|
|
unauthorized privileges on the system.
|
|
|
|
|
|
II. Impact
|
|
|
|
In the case of the "/printers" and the "/fax_modems" directories, the
|
|
"_writers" property can permit users to obtain unauthorized root
|
|
access to a system.
|
|
|
|
In the "/localconfig/screens" directory, the "_writers" property can
|
|
potentially permit a user to deny normal login access to other users.
|
|
|
|
|
|
III. Solution
|
|
|
|
To close the vulnerabilities, remove the "_writers" properties from
|
|
the "/printers", "/fax_modems", and "/localconfig/screens" directories
|
|
in all NetInfo domains on the network, and from all immediate
|
|
subdirectories of all "/printers", "/fax_modems", and
|
|
"/localconfig/screens" directories. The "_writers" properties may be
|
|
removed using any one of the following three methods:
|
|
|
|
A. As root, use the "niutil" command-line utility. For example, to
|
|
remove the "_writers" property from the "/printers" directory:
|
|
|
|
# /usr/bin/niutil -destroyprop . /printers _writers
|
|
|
|
|
|
B. Alternatively, use the NetInfoManager application: open the
|
|
desired domain, open the appropriate directory, select the
|
|
"_writers" property, choose the "Delete" command [Cmd-r] from
|
|
the "Edit" menu, and save the directory.
|
|
|
|
|
|
C. To assist system administrators in editing their NetInfo
|
|
domains, a shell script, "writersfix", is available via
|
|
anonymous FTP from next.com (129.18.1.2):
|
|
|
|
Filename Size Checksum
|
|
-------- ---- --------
|
|
pub/Misc/Utilities/WritersFix.compressed 5600 25625 6
|
|
|
|
After transferring this file using BINARY transfer type,
|
|
double-click on the file. A "WritersFix" directory will be
|
|
created in your file system, containing the script
|
|
("writersfix") and some documentation ("WritersFix.rtf").
|
|
|
|
|
|
Consider removing "_writers" from other NetInfo directories as well
|
|
(for example, "/locations"), noting the following trade-off between
|
|
ease-of-use and security. By removing the "_writers" properties, the
|
|
network and the computers on the network become more secure, but a
|
|
system administrator's assistance is required where it previously was
|
|
not required.
|
|
|
|
Please refer to the NeXTSTEP Network and System Administration manual
|
|
for additional information on "_writers". Note that the
|
|
subdirectories of the "/users" directory have "_writers_passwd" set to
|
|
the user whose account is described by the directory. This is
|
|
essential if users are to be able to change their own passwords, and
|
|
this does not compromise system security.
|
|
|
|
- -----------------------------------------------------------------------------
|
|
The CERT Coordination Center wishes to thank Alan Marcum and Eric Larson of
|
|
NeXT Computer, Inc. for notifying us about the existence of these
|
|
vulnerabilities and for providing appropriate technical information.
|
|
- -----------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact the CERT
|
|
Coordination Center or your representative in FIRST (Forum of Incident
|
|
Response and Security Teams).
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 (24-hour hotline)
|
|
CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
|
|
on call for emergencies during other hours.
|
|
|
|
CERT Coordination Center
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Past advisories, information about FIRST representatives, and other
|
|
information related to computer security are available for anonymous FTP
|
|
from cert.org (192.88.209.5).
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMxHXVP+x0t4w7BAQHHSAP9FKYT3foDizRN0ilAE2cHNlMLybQqD6dE
|
|
NOgWZg4lEsDaYNeXezj6xu9zqHLRokajWrNefrK+jLFbkvrPGmVfr2lPpnClzzNe
|
|
+dbaUq0jAKHiZQjFDTox4IY/Ac+sETYjSnFmw4wKOiNCPkIXwT8h+Qcg3X1A3glP
|
|
0qVHWVvMM9o=
|
|
=DSUf
|
|
-----END PGP SIGNATURE-----
|
|
|