________________________________________________________________________

             THE COMPUTER INCIDENT ADVISORY CAPABILITY



                                CIAC



                        INFORMATION BULLETIN

________________________________________________________________________



            SunView/SunTools selection_svc Vulnerability



August 23, 1990, 1600 PST                                   Number A-32



CIAC has been advised that there is a vulnerability (Sun Bug ID

1039576) in systems running SunView under SunOS 4.x (or SunTools under

SunOS 3.x).  The SunView/SunTools selection_svc facility may allow a

remote user unauthorized access to selected files from a computer

running SunView.   The problem exists in Sun3 and Sun4 platforms

running SunOS 3.x, 4.0, 4.0.1, 4.0.3, and 4.1 as well as 386i platforms

running SunOS 4.0, 4.01, and 4.0.2.   Because the selection_svc process

continues to run until terminated, this vulnerability can be exploited

even after a user changes to another window system after running

SunView/SunTools or logs off the system.  (The problem is in

SunView/SunTools, however, and not with other window systems such as

X11.)  CERT/CC provides additional details:



   On Sun3 and Sun4 systems, a remote system can read any file that is

   readable to the user running SunView.  On the 386i, a remote system

   can read any file on the workstation running SunView regardless of

   protections.  Note that if root runs Sunview, all files are

   potentially accessible by a remote system.  If the password file with

   the encrypted passwords is world readable, an intruder can take the

   password file and attempt to guess passwords.



A patch for this vulnerability is available for Sun 4.x systems.  Call

your local Sun answer center, phone (800) USA-4SUN, anonymous ftp into

sun-fixes on uunet.uu.net, or send e-mail to:



   [email protected]



Sun Microsystems has recently established a customer warning system for

reporting new vulnerabilities and disseminating relevant information.

Send e-mail to:



       [email protected]



or leave a message on the voice mail system at (415) 336-7205.  Please

also advise CIAC of any new vulnerabilities you may discover.



For additional information or assistance, please contact CIAC:



       David Brown

       (415) 423-9878 or (FTS) 543-9878

       FAX:  (415) 423-0913, (FTS) 543-0913 or (415) 422-4294



CIAC's 24-hour emergency hot-line number is (415) 971-9384.   If you

call the emergency number and there is no answer, please let the number

ring until voice mail comes on.  Please leave a voice mail message;

someone will return your call promptly.  You may send e-mail to:



       [email protected]



CERT/CC and Brad Powell of Sun Microsystems provided information

included in this bulletin.  Neither the United States Government nor

the University of California nor any of their employees, makes any

warranty,  expressed or implied, or assumes any legal liability or

responsibility for the accuracy, completeness, or usefulness of any

information, product, or process disclosed, or represents that its use

would not infringe privately owned rights.  Reference herein to any

specific commercial products, process, or service by trade name,

trademark manufacturer, or otherwise, does not necessarily constitute

or imply its endorsement, recommendation, or favoring by the United

States Government or the University of California.  The views and

opinions of authors expressed herein do not necessarily state or

reflect those of the United States Government nor the University of

California, and shall not be used for advertising or product

endorsement purposes.



You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.