
a-05.ciac-sun-rpc

Posted Sep 23, 1999

SHA-256 | d9c6d44f3f296bc95cd36e3e1889a38a2a28052643c15acdbfc327c90b4611ef

________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY

CIAC

ADVISORY NOTICE
________________________________________________________________
Information about a new vulnerability in the SUN rcp utility

November 1, 1989, 1615 PST
Number A-5

CIAC has learned of a new vulnerability in the SunOS 4.0.x rcp
utility (Sun Bug Report number 1017314). This is a different
vulnerability from the rcp vulnerability described in the CIAC
bulletin of August 21, 1989.

This new vulnerability can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts. This hole can be exploited
by anyone running NFS (Network File System), and in particular by
someone who is using a PC to run PC/NFS. This new rcp hole affects
only SunOS 4.0.x systems; 3.5 systems are not affected.

Sun Microsystems will distribute a patch for this vulnerability
when version SunOS 4.1 is released. In the meantime, CIAC recommends
that you use the following workaround:

Change the 'nobody' entry in the /etc/passwd file from

nobody:*:-2:-2::/:

to

nobody:*:65534:65534:Mismatched NFS ID's:/:

If you have already used another workaround for this vulnerability,
please be advised that other workarounds may cause unexpected system
behavior. Several incorrect workarounds have already been distributed
by organizations outside of DOE.

If you need further information about this problem, please contact:

Ana Maria De Alvare', (415) 422-7007 or FTS 532-7007
or
(415) 422-8193 or FTS 532-8193

or send electronic mail to: ciac@tiger.llnl.gov

CIAC FAX: (415) 422-4294 or FTS 532-4294


P.S.--CIAC also advises that if you run SunOS 4.0.3, you should remove
the + in the /etc/hosts.equiv file unless you are running YP.
(This information is not related to any rcp vulnerability.)
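
The following audit script is an added example, not part of the CIAC advisory. It checks a passwd file for the 'nobody' entry the workaround changes and a hosts.equiv file for the bare + mentioned in the P.S. The function names check_nobody and check_hosts_equiv are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a passwd file and a hosts.equiv file for the two
# settings named in the advisory. Function names are hypothetical.

# check_nobody FILE -> 0: uid and gid are 65534 (the workaround is in place)
#                      1: uid or gid is negative (e.g. the original -2:-2)
#                      2: no 'nobody' entry, or some other uid/gid
check_nobody() {
    awk -F: '
        $1 == "nobody" {
            found = 1
            if ($3 ~ /^-/ || $4 ~ /^-/) {
                print "NEGATIVE-ID: " $0; rc = 1
            } else if ($3 == "65534" && $4 == "65534") {
                print "OK: " $0
            } else {
                print "REVIEW: " $0; if (rc == 0) rc = 2
            }
        }
        END {
            if (!found) { print "REVIEW: no nobody entry"; exit 2 }
            exit rc
        }
    ' "$1"
}

# check_hosts_equiv FILE -> 1 if a line is a bare "+" (trust every host),
# which the advisory says to remove on SunOS 4.0.3 unless YP is in use.
check_hosts_equiv() {
    if awk '{ gsub(/[ \t]/, "") } $0 == "+" { hit = 1 } END { exit !hit }' "$1"
    then
        echo "WILDCARD: bare + in $1"
        return 1
    fi
    echo "OK: no bare + in $1"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' 'root:*:0:1:Operator:/:/bin/csh' 'nobody:*:-2:-2::/:' > "$tmp/passwd.before"
printf '%s\n' "nobody:*:65534:65534:Mismatched NFS ID's:/:" > "$tmp/passwd.after"
printf '%s\n' 'trustedhost' '+' > "$tmp/hosts.equiv"
check_nobody "$tmp/passwd.before" || echo "  -> exit status $?"
check_nobody "$tmp/passwd.after" || echo "  -> exit status $?"
check_hosts_equiv "$tmp/hosts.equiv" || echo "  -> exit status $?"
rm -rf "$tmp"
```
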


This notice has been sent to the following persons:

Alexander, D. (LANL)
Allender, C. (Stone & Webster)
Baker, A. (LANL CCS)
Baker, D. (Richland Operations)
Banda, M. (UC Medical Center)
Barcysk, J. (Pinellas Area Office)
Barnes, D. (Princeton Plasma Physics)
Beck, C. (Argonne West)
Berg, T. (SAN)
Best, M.D. (Holmes & Narver)
Breault, L. (DP-34)
Brooks, S. (Boeing Petroleum)
Brown, R. (EG&G Idaho)
Bryan, F. (Naval Petroleum Reserve)
Burkmar, W. (Computer Data Systems)
Byrd, C. (Kansas City Area Office)
Clouse, B. (Chicago Operations)
Cole, C. (LLNL)
Combs, T. (Allied-Signal)
Cox, T. (Stanford Synchrotron)
Craig, J. (Morgantown Energy)
Cyganowski, W. (SAN)
D'Andrea, R. (Grand Junction)
Delmastro, A. (Pittsburgh Energy)
Diel, J. (Inhalation Toxicology Research)
Dolven, L. (Rockwell INEL)
Downing, D. (SLAC)
Duncan, R. (Computer Data Systems)
Eckerson, F. (Nevada Operations)
Edmundson, C. (KMS Fusion)
Elder, R. (Bettis)
Endler, R. (Savannah River Operations)
Faux-Burhans, D. (DP-34)
Favaron, P. (Neutron Devices)
Ference, J. (West Valley Nuclear Services)
Ferguson, C. (Alaska Power Admin.)
Fish, J. (Hanford Env't Health)
Fluckinger, J.D. (PNL)
Folkendt, S. (Sandia-Livermore)
Fraser, G. (Rocky Flats)
Furner, K. (Kaiser Hanford)
Gault, J. E. (Reynolds Electric)
Gibson, J. (Westinghouse Ohio)
Glock, T. (Pittsburgh Naval Reactors)
Gurth, R. (Westinghouse Hanford)
Haldy, J. (Pittsburgh Naval Reactors)
Hann, H. (Idaho Operations)
Hardwick, R. (SAIC)
Hercamp, A. (Bonneville Power)
Herhold, J. (EG&G Nevada)
Hileman, M. (EG&G Nevada)
Hodder, N. (GA Technologies)
Johnston, B. (PNL)
Jones, D. C. (Sandia-Albuquerque)
Jones, L. (Bonneville Power)
Kauffman, S. (Naval Reactors)
Kessler, H. R. (Albuquerque Operations)
Kilcrease, L. (MSE)
Klafke, J. (Albuquerque Operations)
Kramer, J. (Chicago Operations)
Kramer, K. (Chicago Operations)
Madden, T. (Savannah River Operations)
Marsden, L. (Westinghouse Idaho)
McGrath, J. (KMS Fusion)
Meadows, B. (SRP)
Munyon, W. (Energy Technology Eng.)
Neal, B. (Southeastern Power)
Nicolayeff, N. (Idaho Operations)
Niziol, E. (Oak Ridge Operations)
O'Doherty, R. (Solar Energy Research)
Oldis, P. (CSC)
Orton, J. (Westinghouse Hanford)
Parish, S. (Wackenhut)
Penny, S. K. (ORNL)
Pfister, J. (Fermi)
Phillips, R. E. (Albuquerque Operations)
Pielich, G. (Nuclear Fuel Services)
Pohlig, P. (BNL)
Provencher, D. (Schenectady)
Przysucha, J. (MA-24)
Purnell, R. (Southwestern Power)
Richards, J. (Computer Data Systems)
Rosenbloom, H. (LANL CCS)
Runge, L. (BNL)
Sanchez, A. (Strategic Petroleum Reserves)
Scharping, R. (Argonne)
Schumann, M. (Rocky Flats Area Office)
Shepherd, J. (DP-34)
Shoop, D. (MSE)
Sibert, P. (MA-24)
Simms, G. S. (Pantex)
Smith, B. (Boeing Petroleum)
Sohnholz, R. (WAPA)
Sorter, B. (EG&G Idaho)
Stahl, T. (Computer Data Systems)
Stevens, D. (LBL)
Stollings, C. (Martin Marietta)
Strazisar, A. (Pittsburgh Energy)
Surface, R. (Albuquerque Operations)
Terrell, R. (OSTI)
Teska, R. G. (Kansas City Area Office)
Tilton, L. (Dayton Area Office)
Troyer, J. (Argonne)
Warmoth, E. (EG&G Mound)
Watson, B. (Oak Ridge Operations)
Whyte, J. (Wackenhut)
Wilson, W. (Sandia-Livermore)
Zeilman, T. (Holmes & Narver)
Zuyus, P. (Naval Petroleum Reserves)
