|
|
Home : Advisories : SunOS Source Tape Installation Vulnerability
| Title: |
SunOS Source Tape Installation Vulnerability |
| Released by: |
CERT |
| Date: |
20th May 1991 |
| Printable version: |
Click here |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CA-91:07
Last revised: September 18,1997
Attached copyright statement
CERT Advisory
May 20, 1991
SunOS Source Tape Installation Vulnerability
- -------------------------------------------------------------------------
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received the following information from Sun Microsystems, Inc. (Sun).
Sun has given the CERT/CC permission to distribute their Security
Bulletin. It contains information regarding a fix for a vulnerability
in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1.
The following Sun Microsystems Security Bulletin only applies to systems
that have installed the Sun Source tapes.
For more information, please contact Sun Microsystems at 1-800-USA-4SUN.
- -------------------------------------------------------------------------
SUN MICROSYSTEMS SECURITY BULLETIN:
#00107
This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.
Sun expressly disclaims all liability for any misuse of this information
by any third party.
-------------------------------------------------------------------
Sun Bug ID : 1059621
Synopsis : security hole created by installing sunsrc
Sun Patch ID: Not applicable see fix below.
This applies to sites that have installed Sun Source tapes only.
The Sun distribution of sources (sunsrc) has an installation
procedure which creates the directory /usr/release/bin and
installs two setuid root files in it: makeinstall and winstall.
These are both binary files which exec other programs: "make -k install"
(makeinstall) or "install" (winstall).
This makes it possible for users on that system to become root.
The solution:
chmod ug-s /usr/release/bin/{makeinstall, winstall}
(if the sources have already been installed)
and/or
edit the makefile in sunsrc/release and change the SETUID definition
(if the sources have been extracted from tape but not installed yet)
-------------------------------------------------------------------
Special thanks to CERT and Tel-Aviv University for reporting this
problem.
Brad Powell
Sun Microsystems
Software Security Coordinator.
- ---------------------------------------------------------------------------
The CERT/CC would like to thank Sun Microsystems, Inc. for their response
to this vulnerability. We would also like to thank Ariel Cohen from
Tel-Aviv University, School of Mathematical Sciences for reporting the
problem.
- ---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC
via telephone or e-mail.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
on call for emergencies during other hours.
Past advisories and other computer security related information are
available for anonymous ftp from the cert.org (192.88.209.5)
system.
- --------------------------------------------------------------------------
Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.
CERT is registered in the U.S. Patent and Trademark Office.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History
September 18,1997 Attached Copyright Statement
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBOBS9C1r9kb5qlZHQEQJlzQCgzPNjqTQX1lbowZNNL/l3FkuhinwAn0dh
VPg03Alvidb/nefGIBhvKW/3
=Y4RR
-----END PGP SIGNATURE-----
|
