_____________________________________________________
              The Computer Incident Advisory Capability
                          ___  __ __    _     ___
                         /       |     / \   /
                         \___  __|__  /___\  \___
         _____________________________________________________
                          Information Bulletin
 
  New patch #100383-03 available for /usr/ucb/rdist on SunOS systems
 
November 22, 1991, 1200 PST             Number C-8

_________________________________________________________________________
PROBLEM: A new bug discovered in /usr/ucb/rdist may allow users to
  gain root privilege
PLATFORM: All supported Sun architectures and operating system versions
DAMAGE: Allows unauthorized root access with unrestricted access to the 
  system
SOLUTION: Apply patch 100383-03 available from Sun or ftp.uu.net
_________________________________________________________________________
              Critical Facts about /usr/ucb/rdist patch

Sun Microsystems has recently released a security bulletin #00113
describing a new patch available for SunOS systems.  This patch closes
a vulnerability in the /usr/ucb/rdist program that could allow an
intruder to gain root access to the system by creating a setuid root
shell.

This patch, and all others Sun patches are available through your
local Sun answer centers worldwide as well as through anonymous ftp:
in the US, ftp to ftp.uu.net and obtain the patch from the
~ftp/sun-dist directory; in Europe, ftp to mcsun.eu.net and obtain the
patch from the ~ftp/sun/fixes directory.  The patch must be retrieved
in binary mode, then uncompressed at the local system.  The checksum
of compressed tarfile 100383-03.tar.Z on ftp.uu.net is 50273 163.
This patch file includes new versions of the /usr/ucb/rdist program
for SunOS 4.1.1, 4.1, and 4.0.3 for all supported hardware platforms.

To install the patch on your system, follow the instructions available
in the README file which accompanies the patch files.  If you do not
use the rdist command on your system, Sun recommends that you change
the permissions of the /usr/ucb/rdist file using the following command
(as root):

  chmod 0100 /usr/ucb/rdist

For additional information or assistance, please contact CIAC:

     David Brown
     (510)423-9878** or (FTS) 543-9878
     (FAX) (510) 423-8002** or (FTS) 543-8002
     dsbrown@llnl.gov    

Send e-mail to ciac@llnl.gov or call CIAC at 

     (510) 422-8193**/(FTS)532-8193.  

**Note area code has changed from 415, although the 415 area code will
work until Jan. 1992.

PLEASE NOTE:  Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Some of the other teams include the NASA NSI response team,
DARPA's CERT/CC, NAVCIRT, and the Air Force response team.  Your
agency's team will coordinate with CIAC.

CIAC would like to thank Ken Pon at Sun Microsystems for providing
some of the information described in this bulletin.  Neither the
United States Government nor the University of California nor any of
their employees, makes any warranty, expressed or implied, or assumes
any legal liability or responsibility for the accuracy, completeness,
or usefulness of any information, product, or process disclosed, or
represents that its use would not infringe privately owned rights.
Reference herein to any specific commercial products, process, or
service by trade name, trademark manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or
favoring by the United States Government or the University of
California.  The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government nor
the University of California, and shall not be used for advertising or
product endorsement purposes.