home *** CD-ROM | disk | FTP | other *** search
-
- CA-91:07 CERT Advisory
- May 20, 1991
- SunOS Source Tape Installation Vulnerability
-
- -------------------------------------------------------------------------
-
- The Computer Emergency Response Team/Coordination Center (CERT/CC) has
- received the following information from Sun Microsystems, Inc. (Sun).
- Sun has given the CERT/CC permission to distribute their Security
- Bulletin. It contains information regarding a fix for a vulnerability
- in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1.
-
- The following Sun Microsystems Security Bulletin only applies to systems
- that have installed the Sun Source tapes.
-
- For more information, please contact Sun Microsystems at 1-800-USA-4SUN.
-
- -------------------------------------------------------------------------
-
- SUN MICROSYSTEMS SECURITY BULLETIN:
- #00107
-
- This information is only to be used for the purpose of alerting
- customers to problems. Any other use or re-broadcast of this
- information without the express written consent of Sun Microsystems
- shall be prohibited.
-
- Sun expressly disclaims all liability for any misuse of this information
- by any third party.
-
- -------------------------------------------------------------------
-
- Sun Bug ID : 1059621
- Synopsis : security hole created by installing sunsrc
- Sun Patch ID: Not applicable see fix below.
-
- This applies to sites that have installed Sun Source tapes only.
-
- The Sun distribution of sources (sunsrc) has an installation
- procedure which creates the directory /usr/release/bin and
- installs two setuid root files in it: makeinstall and winstall.
- These are both binary files which exec other programs: "make -k install"
- (makeinstall) or "install" (winstall).
-
- This makes it possible for users on that system to become root.
-
- The solution:
- chmod ug-s /usr/release/bin/{makeinstall, winstall}
- (if the sources have already been installed)
- and/or
- edit the makefile in sunsrc/release and change the SETUID definition
- (if the sources have been extracted from tape but not installed yet)
-
- -------------------------------------------------------------------
-
- Special thanks to CERT and Tel-Aviv University for reporting this
- problem.
-
- Brad Powell
- Sun Microsystems
- Software Security Coordinator.
-
- ---------------------------------------------------------------------------
-
- The CERT/CC would like to thank Sun Microsystems, Inc. for their response
- to this vulnerability. We would also like to thank Ariel Cohen from
- Tel-Aviv University, School of Mathematical Sciences for reporting the
- problem.
-
- ---------------------------------------------------------------------------
-
- If you believe that your system has been compromised, contact CERT/CC
- via telephone or e-mail.
-
- Computer Emergency Response Team/Coordination Center (CERT/CC)
- Software Engineering Institute
- Carnegie Mellon University
- Pittsburgh, PA 15213-3890
-
- Internet E-mail: cert@cert.sei.cmu.edu
- Telephone: 412-268-7090 24-hour hotline:
- CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
- on call for emergencies during other hours.
-
- Past advisories and other computer security related information are
- available for anonymous ftp from the cert.sei.cmu.edu (192.88.209.5)
- system.
-
-
