|
|
Home : Advisories : Solaris System Startup Vulnerability
| Title: |
Solaris System Startup Vulnerability |
| Released by: |
CERT |
| Date: |
16th December 1993 |
| Printable version: |
Click here |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
CA-93:19
Last revised: September 19, 1997. Updates - Added Sun patch information.
CERT Advisory
December 16, 1993
Solaris System Startup Vulnerability
- -----------------------------------------------------------------------------
The CERT Coordination Center has received information concerning a
vulnerability in the system startup scripts on Solaris 2.x and Solaris x86
systems. The changes described below will be integrated into the upcoming
Solaris release.
- -----------------------------------------------------------------------------
I. Description
If fsck(8) fails during system boot, a privileged shell is run
on the system console. This behavior can represent a security
vulnerability if users, who would normally not have root access,
have physical access to the console at boot time. An attacker
can force the failure to occur.
II. Impact
This vulnerability allows anyone with physical access to the
system console to gain root access.
III. Solution
A simple change to each of two system scripts can be used to
close this potential security hole. The new behavior will cause the
system to run the privileged shell only if the user at the console
enters the correct root password.
If you wish to make the change on your own systems, edit both
/sbin/rcS and /sbin/mountall, changing every occurrence of:
/sbin/sh < /dev/console
to:
/sbin/sulogin < /dev/console
As distributed by Sun, /sbin/rcS contains one occurrence of this
string, at line 152; and /sbin/mountall contains two, one at line
66 and one at line 250.
Once these changes are made, sulogin will request the root
password in the event fsck(8) fails, before starting a privileged shell.
The success or failure of sulogin will be logged in /var/adm/sulog.
- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Sun Microsystems, Inc.
for their support in responding to this problem.
- ---------------------------------------------------------------------------
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
and are on call for emergencies during other hours.
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous
FTP from info.cert.org.
===========================================================================
UPDATES
September 19, 1997
- -----------------
BUG 1124898 is fixed in Solaris 2.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision history
Sept. 19, 1997. Updates - Added Sun patch information.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBOBS/dFr9kb5qlZHQEQIF7QCePtCTJ4Kh+032WwOtf9bEDo+KgXcAoNNN
9zocC1yD63i0j7Qp60QdPKIk
=yBGM
-----END PGP SIGNATURE-----
|
