Title: Division of Privilege (DoP) - Potential Security Vulnerability
Released by: DEC
Date: 6th March 1997
  PRODUCT:  DIGITAL UNIX[TM] V4.0, V4.0A, V4.0B         MARCH 6, 1997

  TITLE:  Division of Privilege (DoP) - Potential Security Vulnerability
  SOURCE: Digital Equipment Corporation
          Software Security Response Team/Colorado Springs USA

  "Digital is broadly distributing this Security Advisory in order to
  bring to the attention of users of Digital's products the important
  security information contained in this Advisory.  Digital recommends
  that all users determine the applicability of this information to
  their individual situations and take appropriate action.

  Digital does not warrant that this information is necessarily
  accurate or complete for all user situations and, consequently,
  Digital will not be responsible for any damages resulting from
  user's use or disregard of the information provided in this
  Advisory."



----------------------------------------------------------------------
IMPACT:

  Digital has discovered a potential vulnerability with the
  Division of Privilege (DoP), "/usr/sbin/dop" for DIGITAL UNIX
  V4.0, V4.0A and V4.0B, where under certain circumstances,
  an unauthorized user may gain unauthorized privileges.  Digital
  strongly recommends that the workaround be implemented
  immediately for any version affected, and that the
  appropriate patch kit be installed as soon as it becomes
  available.





----------------------------------------------------------------------
RESOLUTION:

  This potential security issue has been resolved and an
  official fix for this problem will be made available
  beginning the 13th of March 1997. As the patches become
  available per affected version, Digital will provide them
  through:

  o the World Wide Web at the following FTP address:

    http://ftp.service.digital.com/public/
        the sub directory Digital_UNIX, key identifier SSRT0435U

  Note: [1] The patch kits mentioned above will be replaced in
        the near future through normal patch release
        procedures.

        [2] The appropriate patch kit must be reinstalled
        following any upgrade beginning with V4.0
        up to and including V4.0b.

        



----------------------------------------------------------------------
TEMPORARY WORKAROUND:

  Prior to receiving the official patch for this fix, a
  temporary workaround for this problem is to clear the
  setuid bit from the /usr/sbin/dop command as follows:

                # chmod 0 /usr/sbin/dop

  This temporary workaround will resolve the security issue,
  but will also defeat DoP's purpose.  See "ADDITIONAL
  COMMENTS" below for the purpose of DoP, the effect of
  using this temporary workaround, and what to do as a
  solution while using this temporary workaround.
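
  Added example, not part of Digital's advisory: a POSIX sh check that
  reports whether the setuid bit is still set on the DoP binary, so the
  workaround can be verified and re-checked later. The function name
  dop_mode_state and its state labels are assumptions made for this
  example; note that "chmod 0" clears every permission bit, not only setuid.

```shell
#!/bin/sh
# Added example, not from the advisory: report the permission state of the
# DoP binary so the temporary workaround can be verified.
# dop_mode_state and its labels are hypothetical names for this example.

# Prints one of: missing | setuid | executable | not-executable
# Returns 0 when the setuid bit is clear, 1 when it is set, 2 when missing.
dop_mode_state() {
    dop_path=${1:-/usr/sbin/dop}

    if [ ! -e "$dop_path" ]; then
        echo missing
        return 2
    fi

    # -prune stops find from descending if a directory is passed by mistake;
    # -perm -4000 matches only when the setuid bit is set.
    if [ -n "$(find "$dop_path" -prune -perm -4000 -print 2>/dev/null)" ]; then
        echo setuid
        return 1
    fi

    # Setuid is clear. Distinguish a file that can still be executed from
    # one with no execute bits, which is the state "chmod 0" leaves behind.
    if [ -n "$(find "$dop_path" -prune \
            \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print 2>/dev/null)" ]; then
        echo executable
        return 0
    fi

    echo not-executable
    return 0
}

# Check the path named in the advisory, or a path given as the first argument.
dop_mode_state "${1:-/usr/sbin/dop}" || :
```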



----------------------------------------------------------------------
ADDITIONAL COMMENTS:

  The DoP command is used to provide non-root users with the
  ability to enter the root password to access the graphical
  system management applications via the CDE application
  manager or the Host Manager.  When a non-root user
  attempts to execute a system management application
  through one of these applications, the user will be
  prompted with a password dialog.  If the user enters the
  correct root password, they will gain root privilege while
  running the given application.

  If the setuid bit is cleared from /usr/sbin/dop, then
  users will not be able to access the system management
  applications from either the CDE application manager or
  the Host Manager.

  The following are workarounds to allow users to run the
  graphical system management applications with DoP
  disabled:

  [1] Log into a CDE session as root and access the system
  management applications.

  [2] If logged in as a normal user, become root in your
  preferred X-based terminal emulator (xterm, dxterm, dtterm,
  etc.) and run the graphical system management application
  via the command line.

  If you need further information, please contact your
  normal DIGITAL support channel.

  DIGITAL appreciates your cooperation and patience. We
  regret any inconvenience applying this information may cause.



  __________________________________________________________________
  Copyright (c) Digital Equipment Corporation, 1995 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  __________________________________________________________________











