*********************************************************************** DDN Security Bulletin 9108 DCA DDN Defense Communications System 23 MAY 91 Published by: DDN Security Coordination Center (SCC@NIC.DDN.MIL) (800) 235-3155 DEFENSE DATA NETWORK SECURITY BULLETIN The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security Coordination Center) under DCA contract as a means of communicating information on network and host security exposures, fixes, & concerns to security & management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.67.67.20] using login="anonymous" and password="guest". The bulletin pathname is SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9001). ********************************************************************** AT&T System V Release 4 /bin/login Vulnerability + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Computer ! ! Emergency Response Team (CERT) and is being relayed unedited ! ! via the Defense Communications Agency's Security Coordination ! ! Center distribution system as a means of providing DDN ! ! subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + CA-91:08 CERT Advisory May 23, 1991 AT&T System V Release 4 /bin/login Vulnerability --------------------------------------------------------------------------- The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a security vulnerability in AT&T's UNIX(r) System V Release 4 operating system. AT&T is providing a software upgrade for Release 4 operating system vendors and a patch for AT&T Computer Systems customers. AT&T has also provided a suggested fix for all Release 4 based systems. --------------------------------------------------------------------------- I. DESCRIPTION: A security vulnerability exists in /bin/login in AT&T's System V Release 4 operating system. II. IMPACT: System users can gain unauthorized privileges. III. SOLUTION: A. AT&T Computer Systems customers Log into the root account. Change the execution permission on the file /bin/login. chmod 500 /bin/login Contact AT&T Computer Systems at 800-922-0354 to obtain a fix. The numbers associated with the fix are 156 (3.5" media) and 157 (5.25" media). International customers should contact their local AT&T Computer Systems representative. B. All other System V Release 4 based systems Log into the root account. Change the execution permission on the file /bin/login. chmod 500 /bin/login Release 4 customers should contact their operating system supplier for details on the availability of the software update. --------------------------------------------------------------------------- The CERT/CC would like to thank AT&T for their timely response to our report of this vulnerability. --------------------------------------------------------------------------- If you believe that your system has been compromised, contact CERT/CC via telephone or e-mail. Computer Emergency Response Team/Coordination Center (CERT/CC) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Internet E-mail: cert@cert.sei.cmu.edu Telephone: 412-268-7090 24-hour hotline: CERT/CC personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies during other hours. Past advisories and other computer security related information are available for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system.