94-05a
Posted Sep 23, 1999

SHA-256 | 51a49d922bc33d810b00ecfda0ffdfb27d216be51bd3833d48dbae26eaaa8293

=============================================================================
AA-94.05a AUSCERT Advisory
5-Oct-1994
SGI IRIX V4 and V5 serial_ports vulnerability
-----------------------------------------------------------------------------

*** This Advisory contains updated information ***

The Australian Computer Emergency Response Team has received information
that Version 4 of the Silicon Graphics IRIX operating system contains a
vulnerability. This vulnerability may also exist on Version 5 systems.
This vulnerability allows a user on your system to elevate their privilege
level to root status.

1. Description

The /usr/lib/vadmin/serial_ports program contains a vulnerability that
allows a non-privileged user to gain root privileges. The program is
used to set up the serial ports on your SGI IRIX system.

The vulnerability only exists under Version 4 of IRIX. It was tested
and verified under V4.0.5a. The program serial_ports normally does not
exist under Version 5 of IRIX. The equivalent program
/usr/Cadmin/bin/cports on Version 5 of IRIX does not exhibit the
vulnerability. However, some upgrade paths from Version 4 to Version 5
may inadvertently leave the serial_ports program on the system, and in
a vulnerable state.

The information on how to exploit this vulnerability has been widely
published. It is recommended that the action in Section 3 be applied
immediately.

Silicon Graphics have requested that their internal advisory number be
included in any correspondence that sites may have when requesting
assistance from SGI. This number is 19941001-01-P.

2. Impact

Any non-privileged user logged in on your system may gain root
privileges.

3. Proposed Solutions

This solution need only be applied to IRIX Version 4 systems, or
Version 5 systems that still contain the serial_ports program.

The /usr/lib/vadmin/serial_ports program is used to initialise the data
files for the serial ports on your system.

It can be disabled by typing the following command as root:

# /bin/chmod 700 /usr/lib/vadmin/serial_ports

If you are not using the serial ports on your IRIX Version 4 system,
then you can safely disable this program. This program has been
superseded by /usr/Cadmin/bin/cports on Version 5 and therefore, is no
longer required.

If you are using serial ports and do not wish to change the
configuration of those ports, then you can disable this program.

If you intend changing the serial port configuration, you can still
disable the serial_ports program. To change the serial port
configuration, you can run the serial_ports program as root.
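
Added example (not part of the AUSCERT advisory): a POSIX shell check for the
Section 3 mitigation. It reports whether serial_ports is absent, already
restricted to its owner, or still accessible to group/other, and applies the
advisory's chmod 700 on request. The function names and the check/fix
arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and apply the AA-94.05a mitigation for serial_ports.
# TARGET defaults to the path named in the advisory; override it for testing.
TARGET=${TARGET:-/usr/lib/vadmin/serial_ports}

# The advisory uses /bin/chmod; fall back to PATH lookup if it is not there.
CHMOD=/bin/chmod
[ -x "$CHMOD" ] || CHMOD=chmod

# Prints one of: absent | restricted | exposed
#   absent     - program not installed (normal on a clean Version 5 system)
#   restricted - no group/other permission bits (state after chmod 700)
#   exposed    - group or other can still read or execute the program
serial_ports_state() {
    path=$1
    [ -f "$path" ] || { echo absent; return 0; }
    # Parse ls -ld output rather than stat(1), which older UNIX systems lack.
    mode=$(ls -ld "$path" | cut -c1-10)
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" = "------" ]; then
        echo restricted
    else
        echo exposed
    fi
}

# Applies the advisory's chmod 700 if needed and verifies the result.
# Must be run as root on a real system. Returns non-zero if still exposed.
serial_ports_restrict() {
    path=$1
    [ "$(serial_ports_state "$path")" = exposed ] || return 0
    "$CHMOD" 700 "$path" && [ "$(serial_ports_state "$path")" = restricted ]
}

# Usage: script check   -> report the state of $TARGET
#        script fix     -> restrict $TARGET and report the resulting state
case "${1:-}" in
    check) serial_ports_state "$TARGET" ;;
    fix)   serial_ports_restrict "$TARGET"; serial_ports_state "$TARGET" ;;
esac
```

Running the check on Version 5 hosts that were upgraded from Version 4 covers
the leftover-binary case described in Section 1.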

----------------------------------------------------------------------------
The AUSCERT team wishes to thank Jeffrey Olds of Silicon Graphics for his
advice and cooperation in this matter.
----------------------------------------------------------------------------

If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

AUSCERT is the Australian Computer Emergency Response Team, funded by the
Australian Academic Research Network (AARNet) for its members. It is
located at The University of Queensland within the Prentice Centre.
AUSCERT is a full member of the Forum of Incident Response and Security
Teams (FIRST).

AUSCERT maintains an anonymous FTP service which is currently based at
ftp.sert.edu.au:/security. This archive contains past SERT and AUSCERT
Advisories, and other computer security information.

Internet Email: auscert@auscert.org.au
Facsimile: (07) 365 4477
Telephone: (07) 365 4417 (International: +61 7 365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.

Postal:
Australian Computer Emergency Response Team
c/- Prentice Centre
The University of Queensland
Brisbane
Qld. 4072.
AUSTRALIA
