***********************************************************************
DDN Security Bulletin 9114       DCA DDN Defense Communications System
27 Aug 91               Published by: DDN Security Coordination Center
                                    ([email protected])  (800) 235-3155

                       DEFENSE  DATA  NETWORK
                         SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [192.67.67.20]
using login="anonymous" and password="guest".  The bulletin pathname is
SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9001).
**********************************************************************

                    SGI "IRIX" /usr/sbin/fmt Vulnerability

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!     The following important  advisory was  issued by the Computer     !
!     Emergency Response Team (CERT)  and is being relayed unedited     !
!     via the Defense Communications Agency's Security Coordination     !
!     Center  distribution  system  as a  means  of  providing  DDN     !
!     subscribers with useful security information.                     !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +



CA-91:14                        CERT Advisory
                              August 26, 1991
                    SGI "IRIX" /usr/sbin/fmt Vulnerability

---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability of mail messages in Silicon
Graphics Computer Systems' IRIX versions prior to 4.0 (this includes all
3.2 and 3.3.* versions).  This problem has been fixed in version 4.0.

Information regarding the exploitation of this vulnerability is inherently
disclosed by any discussion of the problem (including this Advisory) so
we recommend taking immediate action. Until you are able to apply the patch,
mail at your site is vulnerable to being read by any ordinary user logged
in at that site.

Silicon Graphics has provided the enclosed patch instructions.

---------------------------------------------------------------------------

I.   DESCRIPTION:

    A vulnerability exists such that IRIX pre-4.0 (e.g., 3.3.3) systems
    with the basic system software ("eoe1.sw.unix") installed can allow
    unauthorized read access to users' mail messages, by exploiting a
    configuration error in a standard system utility. Due to the ease
    of exploiting this vulnerability and the simplicity of the corrective
    action, the CERT/CC urges all sites to install the patch given below.

II.  IMPACT:

    Anyone who can log in on a given IRIX pre-4.0 (3.2, 3.3, 3.3.*) system
    can read mail messages which have been delivered to any other user on
    that same system.

III. SOLUTION:

    As "root", execute the following commands:

       chmod 755 /usr/sbin/fmt
       chown root.sys /usr/sbin/fmt

    If system software should ever be reloaded from a 3.2 or 3.3.*
    installation tape or from a backup tape created before the patch
    was applied, repeat the above procedure immediately after the software
    has been reloaded, before enabling logins by normal users.

    [Fixed in IRIX 4.0.]


---------------------------------------------------------------------------
The CERT/CC would like to thank Silicon Graphics for bringing this
vulnerability and solution to our attention.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: [email protected]
Telephone: 412-268-7090 24-hour hotline:
          CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
          on call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.sei.cmu.edu (192.88.209.5) system.


Downloaded From P-80 International Information Systems 304-744-2253

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.