
c-06.ciac-sunos-fsirand-nfs-problem

Posted Sep 23, 1999


systems | solaris
SHA-256 | 92e038c7e2e4db35b9edb5916db5cfc3ff921c1c9bc252aecc1bdf9507f7a217

_____________________________________________________
Computer Incident Advisory Capability (CIAC)
_____________________________________________________
Information Bulletin

Security Problem in SunOS fsirand Program

November 12, 1991, 1100 PDT Number C-6

_________________________________________________________________________
PROBLEM: fsirand (the program that installs random inode generation
numbers) seeds its random number generator predictably, which could
allow NFS file handles to be guessed
PLATFORM: SunOS 4.1.1 systems using NFS to export file systems.
DAMAGE: Allows potential unauthorized access to published file systems
SOLUTIONS: Apply patches as described below
_________________________________________________________________________
Critical Facts about Problem with SunOS fsirand Program

Sun Microsystems has recently released a bulletin describing a security
problem (Sun Bug ID 1063470) in the fsirand program in SunOS 4.1.1.
fsirand installs random inode generation numbers on a file system, and
the generation number is the part of an NFS file handle that a client is
not supposed to be able to guess. Because the seed of fsirand's random
number generator was insufficiently random, a potential intruder could
guess NFS file handles, which could result in unauthorized access to
published NFS file systems. Sun Microsystems has developed a patched
version of fsirand (Sun Patch ID 100424-01) that provides greater
randomness to the random number generator's seed. Sun's bulletin
also provides the following information:
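The following is an added illustration of the mechanism described above. It is a hypothetical model written for this page, not Sun's fsirand or nfsd code: the handle layout, the names weak_fsirand, strong_fsirand, NfsServer and forge_root_handle, the file system id and the fsirand timestamp are all constructed. It shows why a predictable seed lets a client that is refused by mountd still present a valid handle to nfsd, and why per-inode randomness from a real entropy source closes that path.

```python
import os
import random
import struct

# Hypothetical model, written for this page (not Sun's fsirand or nfsd code).
# A SunOS 4.x NFS file handle carries the file system id, the inode number
# and the inode's generation number; the first two are easy to guess, so the
# generation number is what keeps a handle unforgeable.  fsirand writes those
# generation numbers.  If it seeds its PRNG from a low-entropy value such as
# the time it was run, an attacker who can estimate that value replays the
# sequence and forges a valid handle without ever being allowed to mount.

ROOT_INODE = 2          # the root directory of a UFS file system is inode 2
FSID = 0x08000007       # constructed file system id for the model


def weak_fsirand(n_inodes, seed):
    """Modelled pre-patch behaviour: one predictable seed for the whole run."""
    rng = random.Random(seed)
    return {ino: rng.getrandbits(32) for ino in range(n_inodes)}


def strong_fsirand(n_inodes):
    """Modelled fix: every generation number drawn from the OS entropy pool."""
    return {ino: int.from_bytes(os.urandom(4), "big") for ino in range(n_inodes)}


def make_handle(fsid, inode, gen):
    """Pack fsid, inode and generation into a 32-byte NFSv2-style opaque handle."""
    return struct.pack(">III", fsid, inode, gen).ljust(32, b"\0")


class NfsServer:
    """Toy nfsd: a handle is valid only if its generation matches the on-disk one."""

    def __init__(self, generations):
        self.generations = generations
        self.requests = 0

    def lookup(self, handle):
        self.requests += 1
        fsid, inode, gen = struct.unpack(">III", handle[:12])
        return fsid == FSID and self.generations.get(inode) == gen


def forge_root_handle(server, seed_candidates):
    """Attacker without mount permission: replay fsirand for each candidate
    seed and present the resulting root handle to nfsd.  Returns the seed
    that worked, or None."""
    for seed in seed_candidates:
        gen = weak_fsirand(ROOT_INODE + 1, seed)[ROOT_INODE]
        if server.lookup(make_handle(FSID, ROOT_INODE, gen)):
            return seed
    return None


def demo(n_inodes=4096, fsirand_time=690000000, uncertainty=3600):
    """fsirand_time is a constructed epoch; the attacker knows it to +/- uncertainty seconds."""
    candidates = range(fsirand_time - uncertainty, fsirand_time + uncertainty)

    weak = NfsServer(weak_fsirand(n_inodes, fsirand_time))
    weak_seed = forge_root_handle(weak, candidates)

    strong = NfsServer(strong_fsirand(n_inodes))
    strong_seed = forge_root_handle(strong, candidates)

    return {
        "weak_seed_found": weak_seed,
        "weak_requests": weak.requests,
        "strong_seed_found": strong_seed,
        "strong_requests": strong.requests,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Against the weakly seeded table the attacker recovers the root handle after a few thousand RPCs, one per candidate second; against the strongly seeded table the replay strategy finds nothing and the only option left is to enumerate 2^32 generation numbers per inode. This is also why running fsirand on every exportable partition after the patch matters: the fix changes nothing for generation numbers that are already on disk.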

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This patch should only be applied in conjunction with the latest
version of the NFS jumbo patch, currently 100173-07 for SunOS 4.1.1.
The NFS jumbo patch must be applied before the fsirand patch. NFS
jumbo and fsirand patches are being developed and tested for SunOS
4.0.3 and 4.1. An announcement will be made when these patches are
available.

In order to maintain a level of minimum security requirements on your
Sun gateway systems, please note the suggestions that follow. Users
may also wish to follow the advice given below for their other file
servers that may be connected to potentially untrusted machines over a
network.

Sun recommends that you upgrade your version of SunOS to the most
recent available (currently SunOS 4.1.1), since many improvements to
the security of your system have been integrated into the most recent
base operating system. In addition, you should install all security
related patches applicable to your current version of SunOS.

Sun suggests that you apply this patch and the NFS jumbo patch to your
server if it is a gateway machine or if it exports critical file
systems and is accessible across a potentially untrusted network (e.g.
the Internet). Please refer to the README of patch 100424-01 for
additional details. The fsirand fixes have been incorporated into
SYS_V Rel 4.

After applying this patch, /usr/etc/fsirand (see man page fsirand(8))
should be run on all potentially exportable partitions. Follow this
with a system reboot to complete the installation of random inode
generation numbers.

Gateway machines should also apply Patch-ID# 100296-02, which fixes the
mountd problem that allows an unprivileged client to take advantage of
character strings in /etc/hosts and /etc/netgroup that are equal to or
greater than 256.

It is also strongly advised that /etc/exports (exports(5)) files on
servers be examined and modified, if necessary, to permit only the
level of file sharing that is necessary. The exports(5) file allows an
administrator to limit the access (and type of access) of exported
directories to specific client machines. For example, a directory can
be exported read-only and root access can be granted to a specified set
of clients only.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
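The exports(5) advice in Sun's bulletin above can be checked mechanically. The following is an added example written for this page, not from the CIAC or Sun text: a small auditor for SunOS 4.x style /etc/exports entries using the exports(5) options ro, rw[=hostlist], access=hostlist, root=hostlist and anon=uid. Both sample files, the directory names and the client host names client1 and client2 are constructed; the weak file shows the unrestricted sharing the bulletin warns against and the hardened file the same directories limited to the clients that need them.

```python
# Added example written for this page (not from the CIAC or Sun text): a small
# auditor for SunOS 4.x style /etc/exports entries of the form
#     directory [-option[,option]...]
# with the exports(5) options ro, rw[=hostlist], access=hostlist,
# root=hostlist and anon=uid (host lists are colon separated).  It reports the
# exposures the bulletin says to close: mountable by any host, writable by any
# host, root= granted more widely than access=, and anon=0.  Both sample files
# below are constructed; client1 and client2 are placeholder host names.

WEAK_EXPORTS = """\
# constructed: a gateway that shares far more than it needs to
/usr
/export/home -rw
/export/root -root=client1:client2
/var/spool/mail -anon=0
"""

HARDENED_EXPORTS = """\
# constructed: the same directories, limited to the clients that need them
/usr -ro,access=client1:client2
/export/home -rw=client1:client2,access=client1:client2
/export/root -root=client1,access=client1
/var/spool/mail -access=client1:client2
"""


def parse_exports(text):
    """Return [(directory, options)]; an option maps to True or to its host list."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *fields = line.split()
        opts = {}
        for field in fields:
            if not field.startswith("-"):
                raise ValueError(f"unexpected token {field!r} in {raw!r}")
            for opt in field[1:].split(","):
                name, _, value = opt.partition("=")
                opts[name] = value.split(":") if value else True
        entries.append((directory, opts))
    return entries


def audit_export(directory, opts):
    """Findings for one entry, following SunOS 4.x exports(5) semantics."""
    findings = []
    read_only = "ro" in opts
    rw = opts.get("rw")             # None or True: writable by all; list: by those hosts
    access = opts.get("access")     # None: any host may mount
    root = opts.get("root")
    anon = opts.get("anon")

    if access is None:
        findings.append(f"{directory}: any host may mount (no access= list)")
    if access is None and not read_only and not isinstance(rw, list):
        findings.append(f"{directory}: writable by any host (no ro, rw= or access=)")
    if root is True:
        findings.append(f"{directory}: root= given without a host list")
    elif root:
        if access is None:
            findings.append(f"{directory}: root= for {':'.join(root)} while any host may mount")
        else:
            stray = [h for h in root if h not in access]
            if stray:
                findings.append(f"{directory}: root= hosts missing from access=: {':'.join(stray)}")
    if isinstance(anon, list) and anon[0] == "0":
        findings.append(f"{directory}: anon=0 maps unknown users to root")
    return findings


def audit_exports(text):
    """Audit a whole exports file; an empty list means nothing to report."""
    return [f for directory, opts in parse_exports(text) for f in audit_export(directory, opts)]


if __name__ == "__main__":
    for label, text in (("weak", WEAK_EXPORTS), ("hardened", HARDENED_EXPORTS)):
        findings = audit_exports(text)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  " + finding)
```

The auditor treats a missing access= list as the root problem on a gateway: rw=hostlist alone still lets every other host mount the directory read-only, and root= without a matching access= entry hands out root access to a directory anyone can reach.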

If you obtain the patch from uunet.uu.net, use the following command to
verify the downloaded file:

> sum 100424-01.tar.Z

The result should be:

63070 50

If you do not obtain the above result after entering the sum command,
contact Sun or CIAC to obtain new checksum values. Note that sum(1)
reports only a 16-bit checksum and a block count: it detects a corrupted
transfer, but it is not evidence that the archive has not been tampered
with.

For additional information or assistance, please contact CIAC:

Tom Longstaff
(510) 423-4416** or (FTS) 543-4416
longstaf@llnl.gov

Send e-mail to ciac@llnl.gov or call CIAC at (510) 422-8193** or
(FTS) 532-8193.

**Note area code has changed from 415, although the 415 area code will
work until Jan. 1992.

Sun Microsystems provided some of the information contained in this
bulletin. Neither the United States Government nor the University of
California nor any of their employees, makes any warranty, expressed or
implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, product, or
process disclosed, or represents that its use would not infringe
privately owned rights. Reference herein to any specific commercial
products, process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.