Subject /usr/lib/sendmail , /bin/tar , Date 22-Oct-93
1ced3ed83d5368f52bab2a81c9cf6bfcaa1c8ff945ef29dc68dc533e4eaf8738-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : CERT-NL (Don Stikvoort) Index : S-93-21
Distribution : World Page : 1
Classification: External Version: Final
Subject : /usr/lib/sendmail , /bin/tar , Date : 22-Oct-93
/dev/audio vulnerabilities
==============================================================================
CERT-NL received information about three SunOS and Solaris vulnerabilities:
/usr/lib/sendmail, /bin/tar, and /dev/audio
The first vulnerability is being actively exploited so take extra care!
We advise you to take proper action, get patches and install them.
In the below CERT/CC report all details are shown.
We thank CERT/CC for providing this information.
==============================================================================
==============================================================================
The CERT Coordination Center has learned of several vulnerabilities
affecting Sun Microsystems, Inc. (Sun) operating systems. Three
separate vulnerabilities are described in this advisory. The first
and third vulnerabilities affect all versions of SunOS 4.1.x and all
versions of Solaris 2.x. The second affects all systems running any
version of Solaris 2.x (but does not affect SunOS 4.1.x systems).
Patches can be obtained from local Sun Answer Centers worldwide as
well as through anonymous FTP from :
FOR SURFNET :
info.nic.surfnet.nl in the
/surfnet/net-security/cert-nl/patches/sun-fixes directory
(FTP-archive also reachable through Gopher)
Information concerning specific patches is outlined below. Please note
that Sun sometimes updates patch files. If you find that the checksum
is different, please contact Sun.
- -----------------------------------------------------------------------------
I. /usr/lib/sendmail Vulnerability
This vulnerability affects all versions of SunOS 4.1.x including
4.1.1, 4.1.2, 4.1.3, 4.1.3c, and all versions of Solaris 2.x
including Solaris 2.1 (SunOS 5.1) and Solaris 2.2 (SunOS 5.2).
Sun is preparing a version of this patch for Solaris 2.3 but no
patch ID is available at this time.
** This vulnerability is being actively exploited and we strongly
recommend that sites take immediate and corrective action. **
A. Description
A vulnerability exists in /usr/lib/sendmail such that remote
users may gain access to affected systems.
B. Impact
Unauthorized access to affected systems may occur.
C. Solution
1. Obtain and install the appropriate patch following the
instructions included with the patch.
System Patch ID Filename BSD Solaris
Checksum Checksum
------ -------- --------------- --------- -----------
SunOS 4.1.x 100377-07 100377-07.tar.Z 36122 586 11735 1171
Solaris 2.1 100840-03 100840-03.tar.Z 01153 194 39753 388
Solaris 2.2 101077-03 101077-03.tar.Z 49343 177 63311 353
The checksums shown above are from the BSD-based checksum
(on 4.1.x, /bin/sum; on Solaris, /usr/ucb/sum) and from the SVR4
version that Sun has released with Solaris (/usr/bin/sum).
II. Solaris 2.x /bin/tar Vulnerability
This vulnerability exists in all versions of Solaris 2.x including
Solaris 2.1 and Solaris 2.2. Information about patches for current
versions of Solaris is described below. Sun is preparing a patch
for the upcoming Solaris 2.3 release. The patch ID will be 101327-01,
and it will be available as soon as Solaris 2.3 is shipped.
This vulnerability does not exist in SunOS 4.1.x systems.
A. Description
A security vulnerability exists in /bin/tar such that tarfiles
created using this utility may incorporate portions of the
/etc/passwd file.
B. Impact
Usernames and other information from /etc/passwd and /etc/group
may be disclosed. However, since Solaris 2.x uses shadow passwords,
encrypted passwords should not appear in /etc/passwd and therefore
should not be disclosed by this vulnerability.
C. Solution
We recommend that all affected sites take the following steps
to secure their systems.
1. Obtain and install the appropriate patch following the
instructions included with the patch.
System Patch ID Filename BSD Solaris
Checksum Checksum
------ -------- --------------- --------- -----------
Solaris 2.1 100975-02 100975-02.tar.Z 37034 374 13460 747
Solaris 2.2 101301-01 101301-01.tar.Z 22089 390 4703 779
The checksums shown above are from the BSD-based checksum
(on 4.1.x, /bin/sum; on Solaris, /usr/ucb/sum) and from the SVR4
version that Sun has released with Solaris 2.x (/usr/bin/sum).
2. If your site is not using shadow passwords, we recommend
that all passwords be changed, especially those for
sensitive accounts such as root.
3. Depending upon the sensitivity of the information contained
in the /etc/passwd file, sites may wish to replace existing
tar files where this is possible. Restoring an existing
archive file, and then producing a new tarfile with the
patched tar, will result in a clean archive file.
III. /dev/audio Vulnerability
This vulnerability affects all Sun systems with microphones. This
includes all versions of SunOS 4.1.x including 4.1.1, 4.1.2, 4.1.3,
4.1.3c, and all versions of Solaris 2.x including Solaris 2.1
(SunOS 5.1) and Solaris 2.2 (SunOS 5.2). Sun is addressing this
problem in Solaris 2.3.
A. Description
/dev/audio is set to a default mode of 666. There is also no
indication to the user of the system that the microphone is on.
B. Impact
Any user with access to the system can eavesdrop on conversations
held in the vicinity of the microphone.
C. Solution
To prevent unauthorized listening with the microphone, the
permissions of the audio data device (/dev/audio) should allow
only the user logged in on the console of the machine to read
/dev/audio. To prevent unauthorized changes in playback and record
settings, the permissions on /dev/audioctl should be similarly
changed.
*** Any site seriously concerned about the security risks
associated with the microphone should either switch off the
microphone, or unplug the microphone to prevent unauthorized
listening. ***
1. Restricting access on 4.x systems
Use fbtab(5) to restrict the access to these devices. See the
man page for more information about this procedure.
2. Restricting access on Solaris 2.x systems
To restrict access to these devices to a specific users, the
permissions on the device files must be manually changed.
As root:
# chmod 600 /dev/audio
# chown <console user's username>.<desired group> /dev/audio
# chmod 600 /dev/audioctl
# chown <console user's username>.<desired group> /dev/audio
- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Paul De Bra, Department
of Computing Science, Eindhoven University of Technology; David Slade of
Bellcore; and Mabry Tyson of SRI for reporting these vulnerabilities, and
Sun Microsystems, Inc. for their response to these problems.
- ---------------------------------------------------------------------------
==============================================================================
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands
NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOL6WCTSYjBqwfc9jEQLMUACg8ixFn6c+m7zy7JUXTZxg3o7GrokAoOqH
8yC8XxKdvW0H8Pkrt4lXTzyG
=H4vQ
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed