94-05a
51a49d922bc33d810b00ecfda0ffdfb27d216be51bd3833d48dbae26eaaa8293
=============================================================================
AA-94.05a AUSCERT Advisory
5-Oct-1994
SGI IRIX V4 and V5 serial_ports vulnerability
-----------------------------------------------------------------------------
*** This Advisory contains updated information ***
The Australian Computer Emergency Response Team has received information
that Version 4 of Silicon Graphics IRIX operating system contains a
vulnerability. This vulnerability may also exist on Version 5 systems.
This vulnerability allows a user on your system to elevate their privilege
level to root status.
1. Description
The /usr/lib/vadmin/serial_ports program contains a vulnerability that
allows a non-privileged user to gain root privileges. The program is
used to set up the serial ports on your SGI IRIX system.
The vulnerability only exists under Version 4 of IRIX. It was tested
and verified under V4.0.5a. The program serial_ports normally does not
exist under Version 5 of IRIX. The equivalent program
/usr/Cadmin/bin/cports on Version 5 of IRIX does not exhibit the
vulnerability. However, some upgrade paths from Version 4 to Versio 5
may inadvertantly leave the serial_ports program on the system, and in
a vulnerable state.
The information on how to exploit this vulnerability has been widely
published. It is recommended that the action in Section 3 be applied
immediately.
Silicon Graphics have requested that their internal advisory number be
included in any correspondance that sites may have when requesting
assistance from SGI. This number is 19941001-01-P.
2. Impact
Any non-privileged user logged in on your system may gain root
privileges.
3. Proposed Solutions
This solution need only be applied to IRIX Version 4 systems, or
Version 5 systems that still contain the serial_ports program.
The /usr/lib/vadmin/serial_ports program is used to initialise the data
files for the serial ports on your system.
It can be disabled by typing the following command as root:
# /bin/chmod 700 /usr/lib/vadmin/serial_ports
If you are not using the serial ports on your IRIX Version 4 system,
then you can safely disable this program. This program has been
superseded by /usr/Cadmin/bin/cports on Version 5 and therefore, is no
longer required.
If you are using serial ports and do not wish to change the
configuration of those ports, then you can disable this program.
If you intend changing the serial port configuration, you can still
disable the serial_ports program. The change the serial port
configuration, you can run the serial_ports program as root.
----------------------------------------------------------------------------
The AUSCERT team wishes to thank Jeffrey Olds of Silicon Graphics for his
advice and cooperation in this matter.
----------------------------------------------------------------------------
If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).
AUSCERT is the Australian Computer Emergency Response Team, funded by the
Australian Academic Research Network (AARNet) for its members. It is
located at The University of Queensland within the Prentice Centre.
AUSCERT is a full member of the Forum of Incident Response and Security
Teams (FIRST).
AUSCERT maintains an anonymous FTP service which is currently based at
ftp.sert.edu.au:/security. This archive contains past SERT and AUSCERT
Advisories, and other computer security information.
Internet Email: auscert@auscert.org.au
Facsimile: (07) 365 4477
Telephone: (07) 365 4417 (International: +61 7 365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
Postal:
Australian Computer Emergency Response Team
c/- Prentice Centre
The University of Queensland
Brisbane
Qld. 4072.
AUSTRALIA