-----BEGIN PGP SIGNED MESSAGE-----

CA-93:02a                       CERT Advisory
                             January 21, 1993
   REVISION NOTICE: New Patch for NeXT NetInfo "_writers" Vulnerabilities

- -----------------------------------------------------------------------------

                *** THIS IS A REVISED CERT ADVISORY ***
                  *** IT CONTAINS NEW INFORMATION ***

The CERT Coordination Center has received updated information from NeXT
Computer, Inc. concerning vulnerabilities in the distributed printing
facility of NeXT computers running all releases of NeXTSTEP software
through NeXTSTEP Release 3.0.  The online patch described in CERT
Advisory CA-93:02 has been replaced with a new patch.  The size and
checksum information in this Advisory have been updated to reflect
the new online patch.

For more information, please contact your authorized support center.  If you
are an authorized support provider, please contact NeXT through your normal
channels.

- -----------------------------------------------------------------------------

I.   Description

    The default NetInfo "_writers" properties are configured to allow
    users to install printers and FAX modems and to export them to the
    network without requiring assistance from the system administrator.
    They also allow a user to configure other parts of the system, such as
    monitor screens, without requiring help from the system administrator.
    Vulnerabilities exist in this facility that could allow users to gain
    unauthorized privileges on the system.


II.  Impact

    In the case of the "/printers" and the "/fax_modems" directories, the
    "_writers" property can permit users to obtain unauthorized root
    access to a system.

    In the "/localconfig/screens" directory, the "_writers" property can
    potentially permit a user to deny normal login access to other users.


III. Solution

    To close the vulnerabilities, remove the "_writers" properties from
    the "/printers", "/fax_modems", and "/localconfig/screens" directories
    in all NetInfo domains on the network, and from all immediate
    subdirectories of all "/printers", "/fax_modems", and
    "/localconfig/screens" directories.  The "_writers" properties may be
    removed using any one of the following three methods:

    A. As root, use the "niutil" command-line utility.  For example, to
       remove the "_writers" property from the "/printers" directory:

         # /usr/bin/niutil -destroyprop . /printers _writers


    B. Alternatively, use the NetInfoManager application: open the
       desired domain, open the appropriate directory, select the
       "_writers" property, choose the "Delete" command [Cmd-r] from
       the "Edit" menu, and save the directory.


    C. To assist system administrators in editing their NetInfo
       domains, a shell script, "writersfix", is available via
       anonymous FTP from next.com (129.18.1.2):

         Filename                                   Size   Checksum
         --------                                   ----   --------
         pub/Misc/Utilities/WritersFix.compressed   5600   25625  6

       After transferring this file using BINARY transfer type,
       double-click on the file.  A "WritersFix" directory will be
       created in your file system, containing the script
       ("writersfix") and some documentation ("WritersFix.rtf").


    Consider removing "_writers" from other NetInfo directories as well
    (for example, "/locations"), noting the following trade-off between
    ease-of-use and security.  By removing the "_writers" properties, the
    network and the computers on the network become more secure, but a
    system administrator's assistance is required where it previously was
    not required.

    Please refer to the NeXTSTEP Network and System Administration manual
    for additional information on "_writers".  Note that the
    subdirectories of the "/users" directory have "_writers_passwd" set to
    the user whose account is described by the directory.  This is
    essential if users are to be able to change their own passwords, and
    this does not compromise system security.

- -----------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Alan Marcum and Eric Larson of
NeXT Computer, Inc. for notifying us about the existence of these
vulnerabilities and for providing appropriate technical information.
- -----------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in FIRST (Forum of Incident
Response and Security Teams).

Internet E-mail: [email protected]
Telephone: 412-268-7090 (24-hour hotline)
          CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
          on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
from cert.org (192.88.209.5).


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMxHXVP+x0t4w7BAQHHSAP9FKYT3foDizRN0ilAE2cHNlMLybQqD6dE
NOgWZg4lEsDaYNeXezj6xu9zqHLRokajWrNefrK+jLFbkvrPGmVfr2lPpnClzzNe
+dbaUq0jAKHiZQjFDTox4IY/Ac+sETYjSnFmw4wKOiNCPkIXwT8h+Qcg3X1A3glP
0qVHWVvMM9o=
=DSUf
-----END PGP SIGNATURE-----

You are viewing proxied material from gopher.altexxanet.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.