[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Apollo Domain/OS suid_exec Problem

Title: Apollo Domain/OS suid_exec Problem
Released by: CERT
Date: 27th July 1990
Printable version: Click here 
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1







CA-90:04

Last Revised: September 17,1997

                Attached Copyright Statement





                               CERT Advisory

                               July 27, 1990

                    Apollo Domain/OS suid_exec Problem

- -----------------------------------------------------------------------------



The CERT/CC has received the following report of a vulnerability in the

Hewlett Packard/Apollo Domain/OS system.  This information was provided to

the CERT/CC by the Apollo Systems Division of Hewlett Packard:



  This message is to alert administrators of Domain/OS systems of a

  serious security problem in all versions of Domain/OS Release sr10.2

  and in Beta versions of sr10.3 earlier than bl67. This problem is

  NOT present in sr10.1 or earlier versions of Domain/OS. This problem

  can be referred to as APR number DE278, other APRs have been filed

  against this problem.



  There is a known flaw in the file /etc/suid_exec. This file should

  be deleted IMMEDIATELY from the /etc directories on all HP/Apollo

  nodes AND from all authorized areas on HP/Apollo networks from which

  software can be installed.



  The files that must be deleted are:

        On each node:

                ///etc/suid_exec



        In each Authorized Area:



                /install/ri.apollo.os.v.10.2/sys5.3/etc/suid_exec

                /install/ri.apollo.os.v.10.2/bsd4.3/etc/suid_exec

                /install/ri.apollo.os.v.10.2.p/sys5.3/etc/suid_exec

                /install/ri.apollo.os.v.10.2.p/bsd4.3/etc/suid_exec





  You must be 'root' or 'locksmith' in order to delete these files.



  The removal of these files will resolve the security vulnerability

  immediately.



  This procedure will require that the install tool should be run with the

  -x option ( continue on error - see Installing Software with Apollo's

  Release and Installation Tools, Apollo order number 008860-A00, chapter

  4) for all subsequent installations until the replacement files have been

  obtained. The absence of these files in the authorized areas will

  generate an error message during the installation process, and, if the -x

  option is not specified when invoking the installation tool, will

  terminate the install.



  This file is normally required by the Korn Shell to run set-id Korn Shell

  scripts, but is a no-op on HP/Apollo systems since Domain/OS does NOT

  support the execution of set-id shell scripts. Its purpose is to serve as

  the 'agent' described in the manual page for the Korn Shell under

  'Execution'. An error during compilation introduced the reported

  vulnerability. The removal of this file will have no affect on the

  functionality provided by HP/Apollo systems, but will affect the

  installation procedure as mentioned in the previous paragraph.



  HP/Apollo is creating an incremental software release that will replace

  these files with the correctly compiled version of the suid_exec program.

  This incremental release will be made available to software maintenance

  customers shortly. Those users not on a HP/Apollo maintenance contract

  should be able to order the replacement files as HP/Apollo part number

  018669-A00, SR10.2 Incremental Software Release. Once installed, the

  replacement files will permit normal installation of software. They will

  NOT permit set-id shell scripts to be run on Domain/OS installations.



  The repaired file will also be available as patch_m0170 on 68000-based

  systems, and patch_p0136 on DN10000-based systems. These patches are

  scheduled to be on the August patch tape. The problem has already been

  addressed in the next release of Domain/OS.



For more information, please contact Hewlett Packard/Apollo Customer

Service.



Thanks to John G. Griffith of Hewlett Packard for this information.

- -----------------------------------------------------------------------------



Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890



Internet: cert@cert.org

Telephone: 412-268-7090 24-hour hotline: CERT personnel answer

           7:30a.m.-6:00p.m. EST, on call for

           emergencies other hours.



Past advisories and other information are available for anonymous ftp

from cert.org (192.88.209.5).



- -------------------------------------------------------------------------------





Copyright 1990 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.



CERT is registered in the U.S. Patent and Trademark Office.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Revision History



September 17,1997  Attached Copyright Statement





-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA/AwUBOBS8alr9kb5qlZHQEQJlvgCfeKuAuyZJb770isz6LcYK14IO+csAn3Fj

Op/e3CnC2xsQjoEdTREYMwCx

=59gZ

-----END PGP SIGNATURE-----






(C) 1999-2000 All rights reserved.