From POP2-Server@csmes Fri May 6 09:17:28 1994
Received: from csrc.ncsl.nist.gov (CSRC.NCSL.NIST.GOV [129.6.54.11]) by csmes.ncsl.nist.gov (8.6.4/8.6.4) with SMTP id WAA04886; Thu, 5 May 1994 22:38:33 -0400
Received: from localhost (root@localhost) by csrc.ncsl.nist.gov (8.6.4/8.6.4) id WAA05296 for xfirst-teams; Thu, 5 May 1994 22:35:56 -0400
Received: from mot.ncsl.nist.gov (MOT.NCSL.NIST.GOV [129.6.54.38]) by csrc.ncsl.nist.gov (8.6.4/8.6.4) with ESMTP id WAA05291 for ; Thu, 5 May 1994 22:35:55 -0400
Received: from localhost (uucp@localhost) by mot.ncsl.nist.gov (8.6.4/8.6.4) id WAA00746 for ; Thu, 5 May 1994 22:16:42 -0400
Received: from nssdca.gsfc.nasa.gov(128.183.36.23) by mot via smap (V1.3mjr) id sma000742; Thu May 5 22:16:40 1994
Date: Thu, 5 May 1994 22:37:14 -0400 (EDT)
From: Ron Tencati +1-301-441-4081
To: first-teams@first.org
CC: TENCATI@NSSDCA.GSFC.NASA.GOV
Message-Id: <940505223714.21400578@NSSDCA.GSFC.NASA.GOV>
Subject: NASIRC Bulletin 94-16: Automountd Security Problem under Solaris
Organization: FIRST, the Forum of Incident Response & Security Teams
Sub-Organization: FIRST Secretariat
Sender: first-request@csrc.ncsl.nist.gov
Reply-To: Ron Tencati +1-301-441-4081
X-Sequence: first-teams.0336
Content-Length: 4657
Status: O

The following bulletin was released to the NASA community by NASIRC:

NASIRC BULLETIN #94-16                                    May 5, 1994
Automountd security problem in Solaris 2.3

===========================================================
[NASIRC banner]
NASA Automated Systems Incident Response Capability
===========================================================

NASIRC recently received information about a security vulnerability in the "automountd" daemon under the Solaris 2.3 operating system.

SYSTEMS AFFECTED:

All systems running Solaris 2.3 are vulnerable; no other systems are affected by this vulnerability. (No instances of this vulnerability being exploited have been recorded to date.)

THE PROBLEM:

Any user with an account on an unpatched Solaris 2.3 system can gain root access to that system.

THE FIX:

This vulnerability can be patched by installing the executable contained in "automountd" (Sun Patch 101329-15), or by installing the patch in its entirety. The patch is available via anonymous FTP from nasirc.nasa.gov as follows:

  -- The entire Sun NIS+ Jumbo patch:
     ~/toolkits/Sun_Patches/101329-15.tar.Z

  -- The automountd *executable* (alone) from the Jumbo Patch:
     ~/toolkits/Sun_Patches/101329-15.automountd

CHECKSUMS:

  File                    BSD          MD5
  Name                    Checksum     Digital Signature
  --------------------    ---------    --------------------------------
  101329-15.tar.Z         55492 843    19AA042484727A5DE9CB21199858071A
  101329-15.automountd    28991 59     F1B47A73C86C8B32D50EA7A4DBA9A8B5

NASIRC will continue to monitor this situation and will post additional information should it become necessary. If you have any questions about this bulletin, please contact NASIRC via any of the venues below.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
NASIRC ACKNOWLEDGES: Mark Graff of Sun Microsystems for forwarding this information in a rapid and timely manner.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

===============================================================
For further assistance, please contact the NASIRC Helpdesk:
  Phone:                    1-800-7-NASIRC
  Fax:                      1-301-441-1853
  Internet Email:           nasirc@nasa.gov
  24 Hour/Emergency Pager:  1-800-759-7243/Pin:2023056
  STU III:                  1-301-982-5480
===============================================================

This bulletin may be forwarded without restriction to sites and system administrators within the NASA community.

The NASIRC online archive system is available via anonymous ftp. You will be required to enter your valid e-mail address as the "password". Once on the system, you can access the following information:

  ~/bulletins      ! contains NASIRC bulletins
  ~/information    ! contains various informational files
  ~/toolkits       ! contains automated toolkit software

The contents of these directories are updated on a continuous basis with relevant software and information; contact the NASIRC Helpdesk for more information or assistance.

-----------------
PLEASE NOTE: Users outside of the NASA community may receive NASIRC bulletins. If you are not part of the NASA community, please contact your agency's response team to report incidents. Your agency's team will coordinate with NASIRC, who will ensure the proper internal NASA team(s) are notified.

NASIRC is a member of the Forum of Incident Response and Security Teams (FIRST), a world-wide organization which provides for coordination between incident response teams in handling computer-security-related issues. You can obtain a list of FIRST member organizations and their constituencies by sending email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts".
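The bulletin publishes MD5 digital signatures for the two patch files so that a site can confirm what it fetched over anonymous FTP is the file NASIRC distributed before installing it as root. The script below is an added example and is not part of the bulletin or a NASIRC tool; it assumes the downloaded files sit in the current directory and that one of md5sum, md5 or openssl is on the PATH. The expected values are copied from the CHECKSUMS table above; the BSD "sum" column is not checked here.

```shell
#!/bin/sh
# Verify NASIRC Bulletin 94-16 patch files against the published MD5 values.
# Added example (not NASIRC's code); file names and digests come from the
# bulletin's CHECKSUMS table, paths are assumed relative to the current dir.

# md5_of FILE -> prints the lowercase hex MD5 of FILE using whatever tool exists
md5_of() {
  if command -v md5sum >/dev/null 2>&1; then
    md5sum "$1" | cut -d' ' -f1
  elif command -v md5 >/dev/null 2>&1; then
    md5 -q "$1"
  else
    openssl dgst -md5 "$1" | sed 's/.* //'
  fi
}

# verify_md5 FILE EXPECTED_HEX -> 0 if the digest matches, 1 if missing/mismatch
# The bulletin prints digests in uppercase; compare case-insensitively.
verify_md5() {
  [ -f "$1" ] || { echo "MISSING  $1" >&2; return 1; }
  actual=$(md5_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if [ "$actual" = "$expected" ]; then
    echo "OK       $1"
    return 0
  fi
  echo "MISMATCH $1 (got $actual, expected $expected)" >&2
  return 1
}

# verify_all -> checks every file listed in the bulletin; returns the number
# of files that failed (0 means both digests matched). Install nothing if
# this is non-zero: a bad transfer and a tampered archive look identical here.
verify_all() {
  fails=0
  set -- \
    101329-15.tar.Z      19AA042484727A5DE9CB21199858071A \
    101329-15.automountd F1B47A73C86C8B32D50EA7A4DBA9A8B5
  while [ $# -ge 2 ]; do
    verify_md5 "$1" "$2" || fails=$((fails + 1))
    shift 2
  done
  return "$fails"
}

# Usage: sh verify_94-16.sh --check   (run in the directory holding the files)
[ "${1:-}" = "--check" ] && verify_all
```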