
a-05.ciac-sun-rpc

Posted Sep 23, 1999


SHA-256 | d9c6d44f3f296bc95cd36e3e1889a38a2a28052643c15acdbfc327c90b4611ef


________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY

CIAC

ADVISORY NOTICE
________________________________________________________________
Information about a new vulnerability in the SUN rcp utility

November 1, 1989, 1615 PST
Number A-5

CIAC has learned of a new vulnerability in the SunOS 4.0.x rcp
utility (Sun Bug Report number 1017314). This is a different
vulnerability from the rcp vulnerability described in the CIAC
bulletin of August 21, 1989.

This new vulnerability can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts. This hole can be exploited
by anyone running NFS (Network File System), and in particular by
someone who is using a PC to run PC/NFS. This new rcp hole affects
only SunOS 4.0.x systems; 3.5 systems are not affected.

Sun Microsystems will distribute a patch for this vulnerability
when version SunOS 4.1 is released. In the meantime, CIAC recommends
that you use the following workaround:

Change the 'nobody' entry in the /etc/passwd file from

nobody:*:-2:-2::/:

to

nobody:*:65534:65534:Mismatched NFS ID's:/:

If you have already used another workaround for this vulnerability,
please be advised that other workarounds may cause unexpected system
behavior. Several incorrect workarounds have already been distributed
by organizations outside of DOE.

If you need further information about this problem, please contact:

Ana Maria De Alvare', (415) 422-7007 or FTS 532-7007
or
(415) 422-8193 or FTS 532-8193

or send electronic mail to: ciac@tiger.llnl.gov

CIAC FAX: (415) 422-4294 or FTS 532-4294


P.S.--CIAC also advises that if you run SunOS 4.0.3, you should remove
the + in the /etc/hosts.equiv file unless you are running YP.
(This information is not related to any rcp vulnerability.)
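
A read-only check for the two conditions this notice names (a passwd entry with negative IDs such as 'nobody', and a lone + in /etc/hosts.equiv), plus the passwd workaround applied to a copy of the file. This is an added example, not part of the CIAC notice; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the CIAC notice. File paths are arguments so the
# checks can be run against copies of /etc/passwd and /etc/hosts.equiv.

# List passwd entries whose UID or GID is negative, with the 16-bit unsigned
# value (65536 + n, so -2 becomes 65534) as the suggested replacement.
audit_passwd() {
    awk -F: '
        $1 ~ /^[+-]/ || NF < 7 { next }   # skip YP include lines and short lines
        $3 ~ /^-[0-9]+$/ || $4 ~ /^-[0-9]+$/ {
            uid = ($3 < 0) ? 65536 + $3 : $3
            gid = ($4 < 0) ? 65536 + $4 : $4
            printf "%s: uid=%s gid=%s -> suggest %s:%s\n", $1, $3, $4, uid, gid
        }' "$1"
}

# Print the file with the workaround applied to the nobody entry only.
fix_nobody() {
    awk -F: -v OFS=: -v gecos="Mismatched NFS ID's" '
        $1 == "nobody" && $3 == "-2" && $4 == "-2" { $3 = 65534; $4 = 65534; $5 = gecos }
        { print }' "$1"
}

# Succeed, printing line numbers, if hosts.equiv has a line that is only "+".
has_wildcard_equiv() {
    grep -n '^[[:space:]]*+[[:space:]]*$' "$1"
}

# Constructed sample files, not taken from any real system.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:*:0:1:Operator:/:/bin/csh' 'nobody:*:-2:-2::/:' \
    'daemon:*:1:1::/:' > "$demo_dir/passwd"
printf '%s\n' 'trusted1' '+' > "$demo_dir/hosts.equiv"

audit_passwd "$demo_dir/passwd"
fix_nobody "$demo_dir/passwd" | grep '^nobody:'
if has_wildcard_equiv "$demo_dir/hosts.equiv" >/dev/null; then
    echo "hosts.equiv: lone + entry present"
fi
```

fix_nobody writes to standard output only; compare its output with the original before replacing any file.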


This notice has been sent to the following persons:

Alexander, D. (LANL)
Allender, C. (Stone & Webster)
Baker, A. (LANL CCS)
Baker, D. (Richland Operations)
Banda, M. (UC Medical Center)
Barcysk, J. (Pinellas Area Office)
Barnes, D. (Princeton Plasma Physics)
Beck, C. (Argonne West)
Berg, T. (SAN)
Best, M.D. (Holmes & Narver)
Breault, L. (DP-34)
Brooks, S. (Boeing Petroleum)
Brown, R. (EG&G Idaho)
Bryan, F. (Naval Petroleum Reserve)
Burkmar, W. (Computer Data Systems)
Byrd, C. (Kansas City Area Office)
Clouse, B. (Chicago Operations)
Cole, C. (LLNL)
Combs, T. (Allied-Signal)
Cox, T. (Stanford Synchrotron)
Craig, J. (Morgantown Energy)
Cyganowski, W. (SAN)
D'Andrea, R. (Grand Junction)
Delmastro, A. (Pittsburgh Energy)
Diel, J. (Inhalation Toxicology Research)
Dolven, L. (Rockwell INEL)
Downing, D. (SLAC)
Duncan, R. (Computer Data Systems)
Eckerson, F. (Nevada Operations)
Edmundson, C. (KMS Fusion)
Elder, R. (Bettis)
Endler, R. (Savannah River Operations)
Faux-Burhans, D. (DP-34)
Favaron, P. (Neutron Devices)
Ference, J. (West Valley Nuclear Services)
Ferguson, C. (Alaska Power Admin.)
Fish, J. (Hanford Env't Health)
Fluckinger, J.D. (PNL)
Folkendt, S. (Sandia-Livermore)
Fraser, G. (Rocky Flats)
Furner, K. (Kaiser Hanford)
Gault, J. E. (Reynolds Electric)
Gibson, J. (Westinghouse Ohio)
Glock, T. (Pittsburgh Naval Reactors)
Gurth, R. (Westinghouse Hanford)
Haldy, J. (Pittsburgh Naval Reactors)
Hann, H. (Idaho Operations)
Hardwick, R. (SAIC)
Hercamp, A. (Bonneville Power)
Herhold, J. (EG&G Nevada)
Hileman, M. (EG&G Nevada)
Hodder, N. (GA Technologies)
Johnston, B. (PNL)
Jones, D. C. (Sandia-Albuquerque)
Jones, L. (Bonneville Power)
Kauffman, S. (Naval Reactors)
Kessler, H. R. (Albuquerque Operations)
Kilcrease, L. (MSE)
Klafke, J. (Albuquerque Operations)
Kramer, J. (Chicago Operations)
Kramer, K. (Chicago Operations)
Madden, T. (Savannah River Operations)
Marsden, L. (Westinghouse Idaho)
McGrath, J. (KMS Fusion)
Meadows, B. (SRP)
Munyon, W. (Energy Technology Eng.)
Neal, B. (Southeastern Power)
Nicolayeff, N. (Idaho Operations)
Niziol, E. (Oak Ridge Operations)
O'Doherty, R. (Solar Energy Research)
Oldis, P. (CSC)
Orton, J. (Westinghouse Hanford)
Parish, S. (Wackenhut)
Penny, S. K. (ORNL)
Pfister, J. (Fermi)
Phillips, R. E. (Albuquerque Operations)
Pielich, G. (Nuclear Fuel Services)
Pohlig, P. (BNL)
Provencher, D. (Schenectady)
Przysucha, J. (MA-24)
Purnell, R. (Southwestern Power)
Richards, J. (Computer Data Systems)
Rosenbloom, H. (LANL CCS)
Runge, L. (BNL)
Sanchez, A. (Strategic Petroleum Reserves)
Scharping, R. (Argonne)
Schumann, M. (Rocky Flats Area Office)
Shepherd, J. (DP-34)
Shoop, D. (MSE)
Sibert, P. (MA-24)
Simms, G. S. (Pantex)
Smith, B. (Boeing Petroleum)
Sohnholz, R. (WAPA)
Sorter, B. (EG&G Idaho)
Stahl, T. (Computer Data Systems)
Stevens, D. (LBL)
Stollings, C. (Martin Marietta)
Strazisar, A. (Pittsburgh Energy)
Surface, R. (Albuquerque Operations)
Terrell, R. (OSTI)
Teska, R. G. (Kansas City Area Office)
Tilton, L. (Dayton Area Office)
Troyer, J. (Argonne)
Warmoth, E. (EG&G Mound)
Watson, B. (Oak Ridge Operations)
Whyte, J. (Wackenhut)
Wilson, W. (Sandia-Livermore)
Zeilman, T. (Holmes & Narver)
Zuyus, P. (Naval Petroleum Reserves)
