-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CA-93:13                         CERT Advisory
                              September 17, 1993
                       SCO Home Directory Vulnerability
- -----------------------------------------------------------------------------

The CERT Coordination Center has received information indicating that SCO
Operating Systems may be vulnerable to a potential compromise of system
security.  This vulnerability allows unauthorized access to the "dos" and
"asg" accounts, and, as a result of this access, unauthorized access to
the "root" account may also occur.

The following releases of SCO products are affected by this vulnerability:

    SCO UNIX System V/386 Release 3.2 Operating System
    SCO UNIX System V/386 Release 3.2 Operating System Version 2.0
    SCO UNIX System V/386 Release 3.2 Operating System version 4.x
    SCO UNIX System V/386 Release 3.2 Operating System Version 4.0 with
        Maintenance Supplement Version 4.1 and/or Version 4.2
    SCO Network Bundle Release 4.x
    SCO Open Desktop Release 1.x
    SCO Open Desktop Release 2.0
    SCO Open Desktop Lite Release 3.0
    SCO Open Desktop Release 3.0
    SCO Open Server Network System Release 3.0
    SCO Open Server Enterprise System Release 3.0

CERT and The Santa Cruz Operation recommend that all sites using these SCO
products take action to eliminate the source of vulnerability from their
systems.  This problem will be corrected in upcoming releases of SCO
operating systems.

- -----------------------------------------------------------------------------

I.   Description

    The home directories of the users "dos" and "asg" are /tmp and
    /usr/tmp respectively. These directories are designed to have
    global write permission.

II.  Impact

    This vulnerability may allow unauthorized users to gain access to
    these accounts. This vulnerability may also corrupt certain binaries
    in the system and thus prevent regular users from running them, as well
    as introduce a potential for unauthorized root access.

III. Solution

    All affected sites should follow these instructions:

    1. Log onto the system as "root"
    2. Choose the following sequence of menu selections from
       the System Administration Shell, which is invoked by
       typing "sysadmsh"

       a. Accounts-->User-->Examine-->
          [select the "dos" account] -->Identity
          -->Home directory-->Create-->Path-->
          [change it to /usr/dos instead of /tmp]--> confirm

       b. Accounts-->User-->Examine-->
          [select the "asg" account] -->Identity
          -->Home directory-->Create-->Path-->
          [change it to /usr/asg instead of /usr/tmp]--> confirm

    3. If DOS binaries have been modified, or sites are unable to
       determine if modification has occurred, we strongly recommend
       removing and reinstalling the DOS package of the Operating System
       Extended Utilities.  This can be done using custom(ADM).

       Sites may also want to check their systems for signs of further
       compromise. This can be facilitated through the use of programs
       such as COPS. Other security advice and suggestions can be found
       in CERT's security checklist. This checklist may be obtained
       through anonymous FTP from cert.org in pub/tech_tips/security_info.

       Note: COPS may be obtained from many sites, including via
       anonymous FTP from cert.org in the pub/tools directory.

If you have further questions about this issue, please contact SCO Support
and ask for more information concerning this CERT advisory, CA-93:13, "SCO
Home Directory Vulnerability."

       Electronic mail: [email protected]

       USA/Canada: 6am-5pm Pacific Daylight Time (PDT)
       -----------
       1-800-347-4381  (voice)
       1-408-427-5443  (fax)

       Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
       ------------------------------------------------ Daylight Time
                                                        (PDT)
       1-408-425-4726  (voice)
       1-408-427-5443  (fax)

       Europe, Middle East, Africa: 9am-5:30pm British Standard Time (BST)
       ----------------------------
       +44 (0)923 816344 (voice)
       +44 (0)923 817781 (fax)

- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Christopher Durham of the Santa
Cruz Operation for reporting this problem and his assistance in responding to
this problem.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).

Internet E-mail: [email protected]
Telephone: 412-268-7090 (24-hour hotline)
          CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
          and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
from cert.org (192.88.209.5).


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMxQnVP+x0t4w7BAQEKjQQAr5ugUW3Oo9g612it1H8GxMv/UsTXQ/wP
vnfM+5PxpyWK//AOlgDsdRVuPU/8Jjz7IHel4Hue/EqC6q3gj0g6t2PqPOXrhCRT
48cZblmVBs752qS5XJeqfKgwGlQNZXW5QIPZB0qQe4zfoX4/qnXEZdAa4ZPWwPN9
nCUnmQbR5JI=
=eagU
-----END PGP SIGNATURE-----

You are viewing proxied material from gopher.altexxanet.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.