_____________________________________________________
             The Computer Incident Advisory Capability
                         ___  __ __    _     ___
                        /       |     / \   /
                        \___  __|__  /___\  \___
        _____________________________________________________
                         Information Bulletin       
           
February 20, 1991, 1700 PST          Number B-13

              UNIX Security Problem with /bin/mail in SunOS
________________________________________________________________________
PROBLEM:  Bug in /bin/mail allows users unauthorized privileged access 
PLATFORM: SunOS 4.03, 4.1 and 4.1.1; Sun3, Sun3x, Sun4, Sun4c and
          Sun4/490_4.1_PSR_A  architectures 
DAMAGE:   Potential for significant damage once intruder has gained root
          access.  
PATCH:    Available through anonymous ftp from ftp.uu.net or from Sun
          (contact Sun at 1-800-USA4SUN for details).  
_______________________________________________________________________
                    Critical /bin/mail Bug Facts

A recently discovered vulnerability in SunOS bin/mail allows an
intruder to obtain unauthorized access to a root shell.  This
vulnerability applies to versions 4.0.3, 4.1, and 4.1.1 of SunOS
running on the Sun3, Sun3x, Sun4, Sun4c, and Sun4/490_4.1_PSR_A
architectures. Sun Microsystems has prepared a patch described in Sun
Microsystems Security Bulletin #00105.  The particulars are:

Patch ID: 100224-01
BugIDs fixed by this patch: 1045636 and 1047340
Availability: Anonymous FTP from ftp.uu.net:/sun-dist/100224-01.tar.Z
              Checksum of the compressed tarfile 100224-01.tar.Z = 64102  109
Patches Obsoleted: 100161-01
Obsoleted by: SysV Release 4

Patch installation instructions are as follows:

  (Login as root - you must have root access to apply this patch!)
  (Create a temporary directory and "cd" to it)
  (Use anonymous FTP to obtain the file sun-dist/100224-01.tar.Z from 
    ftp.uu.net)
  # uncompress 100224-01.tar
  # tar xvf 100224-01.tar
  # mv /bin/mail /bin/mail.old
  # cp $arch/$os/mail /bin/mail
   (where $arch is either sun3 sun4 sun4c or sun3x)
   (and where $os is either 4.0.3 4.1 or 4.1.1)
   ( change the permissions for the newly installed mail binary)
  # chmod 4755 /bin/mail
  (You will probably wish to delete the 100224-01.tar file and the
   files created by "de-tar-ing" 100224-01.tar at this time!)

For additional information or assistance, please contact CIAC   

  Hal R. Brand
  (415) 422-6312 or (FTS) 532-6312

  During working hours, call CIAC at (415) 422-8193 or (FTS)
  532-8193.  For non-working hour emergencies , call (415)
  422-7222 or (FTS) 532-7222 and ask for CIAC (this is a new
  emergency number).

  send FAX messages to:  (415) 423-0913 or (FTS) 543-0913

Tsutomu Shimomura and Sun Microsystems provided some of the information
contained in this bulletin.  Neither the United States Government nor
the University of California nor any of their employees, makes any
warranty,  expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights.  Reference herein to any
specific commercial products, process, or service by trade name,
trademark manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation, or favoring by the United
States Government or the University of California.  The views and
opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government nor the University of
California, and shall not be used for advertising or product
endorsement purposes.