
c-12.ciac-hp-apollo-crp-vulnerability

Posted Sep 23, 1999

SHA-256 | 66c579ece2093fd7296669354c42d362e12b26c79cbc624a6674956da31c7fdb

          _____________________________________________________
The Computer Incident Advisory Capability
_____________________________________________________
Information Bulletin

Hewlett Packard/Apollo Domain/OS crp Vulnerability

December 20, 1991 1000 PST Number C-12
_________________________________________________________________________
PROBLEM: The crp facility on Domain/OS systems is vulnerable to
network attack
PLATFORM: Hewlett Packard/Apollo Domain/OS SR10 systems through
version SR10.3 (both UNIX and AEGIS systems are affected)
DAMAGE: An authorized user at a remote or local site can obtain the
privileges of the user running crp on a Domain/OS system
SOLUTION: The workaround provided below should be applied to all
Domain/OS systems supporting crp until a patch is available
from HP/Apollo.
__________________________________________________________________________
Critical Facts about crp vulnerability

CIAC has learned of a workaround to a vulnerability which exists in
the Hewlett Packard/Apollo (HP/Apollo) Domain/OS crp facility.
Failure to close this vulnerability may allow an unauthorized
remote or local user to obtain the privileges of a user running crp
on a Domain/OS system. Both the UNIX and AEGIS versions of the
Domain/OS systems are affected by this vulnerability. A patch is
under development by HP/Apollo and should be available in the SR10.3
patch tape (planned release is February 1992). This patch will be
incorporated in the next major release of HP/Apollo Domain/OS.

Until the patch is available from the vendor, CIAC recommends that all
HP/Apollo Domain/OS systems apply the following workaround. This
workaround will disable two system calls made by /usr/apollo/bin/crp.
Consequently, the functionality of various software programs may be
affected, since the workaround will disable the ability to define
programmable function keys, create new windows on the client node, or
execute background processes using the Display Manager interface.

In the description of the workaround below, the specific commands
applicable to the UNIX or AEGIS version of Domain/OS will be
identified.

1. Create a file "crplib.c" containing the following:

extern void pad_$dm_cmd(void);
void pad_$dm_cmd() { }
extern void pad_$def_pfk(void);
void pad_$def_pfk() { }

2. Compile this program using the '-pic' option of the C compiler

(AEGIS) /com/cc crplib.c -pic
(UNIX) /bin/cc -c crplib.c -WO -pic

3. Copy the resulting library to /lib/crplib or other standard
library location on the system and change the permission on
the file to allow users to link to the library

(AEGIS) /com/cpf crplib.bin /lib/crplib
(AEGIS) /com/edacl -p root prwx -g wheel rx -w rx /lib/crplib

(UNIX) /bin/cp crplib.o /lib/crplib
(UNIX) /bin/chmod 755 /lib/crplib

4. Replace the original crp facility with a script that will do
an 'inlib' of the created library file before running crp.

(AEGIS) /com/chn /usr/apollo/bin/crp crp.orig
(UNIX) /bin/mv /usr/apollo/bin/crp /usr/apollo/bin/crp.orig

5. Create a file '/usr/apollo/bin/crp' containing the following:

(AEGIS)
#!/com/sh
/com/sh -c inlib /lib/crplib ';' /usr/apollo/bin/crp.orig^*
(UNIX)
#!/bin/sh
inlib /lib/crplib
exec /usr/apollo/bin/crp.orig "$@"

6. Change the permissions on this script file to make it
accessible to users on the system as a replacement for the
original crp facility

(AEGIS) /com/edacl -p root prwx -g wheel rx -w rx /usr/apollo/bin/crp
(UNIX) /bin/chmod 755 /usr/apollo/bin/crp
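
A check that the UNIX-side workaround from steps 3-6 is in place, as an added example that is not part of the CIAC bulletin. It is written for a POSIX sh; the root-prefix argument and the `stage_sample` helper are assumptions, made so the audit can run against a staged copy of the filesystem.

```shell
#!/bin/sh
# Added example: audit the UNIX-side workaround (steps 3-6) under a root prefix.
# The prefix argument and the staged sample tree are assumptions for offline use.

mode_of() { ls -ld "$1" | cut -c1-10; }   # e.g. -rwxr-xr-x for mode 755

check_crp_workaround() {
    root=$1 rc=0
    crp="$root/usr/apollo/bin/crp"
    orig="$root/usr/apollo/bin/crp.orig"
    lib="$root/lib/crplib"
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # Step 3: stub library installed with mode 755
    [ -f "$lib" ] && [ "$(mode_of "$lib")" = "-rwxr-xr-x" ] \
        || fail "$lib missing or not mode 755"
    # Step 4: original binary preserved as crp.orig
    [ -f "$orig" ] || fail "$orig missing"
    # Steps 5-6: wrapper is a /bin/sh script, mode 755
    [ -f "$crp" ] || { fail "$crp missing"; return $rc; }
    [ "$(head -n 1 "$crp")" = "#!/bin/sh" ] || fail "$crp is not the sh wrapper"
    [ "$(mode_of "$crp")" = "-rwxr-xr-x" ] || fail "$crp not mode 755"
    # The stubs only take effect if inlib runs before crp.orig is exec'd
    i=$(grep -n '^inlib /lib/crplib$' "$crp" | head -n 1 | cut -d: -f1)
    e=$(grep -n '^exec /usr/apollo/bin/crp\.orig ' "$crp" | head -n 1 | cut -d: -f1)
    [ -n "$i" ] && [ -n "$e" ] && [ "$i" -lt "$e" ] \
        || fail "wrapper does not inlib /lib/crplib before exec of crp.orig"
    return $rc
}

# Constructed sample: a tree laid out as the advisory's UNIX steps leave it.
stage_sample() {
    mkdir -p "$1/usr/apollo/bin" "$1/lib"
    : > "$1/lib/crplib"; : > "$1/usr/apollo/bin/crp.orig"
    printf '%s\n' '#!/bin/sh' 'inlib /lib/crplib' \
        'exec /usr/apollo/bin/crp.orig "$@"' > "$1/usr/apollo/bin/crp"
    chmod 755 "$1/lib/crplib" "$1/usr/apollo/bin/crp" "$1/usr/apollo/bin/crp.orig"
}
```

Calling `check_crp_workaround ""` audits the live root; a non-zero return lists each step that is missing or misapplied on stderr.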


For additional information or assistance, please contact CIAC:

Tom Longstaff
(510)423-4416** or (FTS) 543-4416
longstaf@llnl.gov

(FAX) (510) 423-8002** or (FTS) 543-8002

Send e-mail to ciac@llnl.gov or call CIAC at (510) 422-8193**/(FTS)532-8193.

**Note area code has changed from 415, although the 415 area code will
work until Jan. 1992.

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Some of the other teams include the NASA NSI response team,
DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your
agency's team will coordinate with CIAC.

CIAC would like to thank the Computer Emergency Response
Team/Coordination Center (CERT/CC) for some of the material provided
in this bulletin. Neither the United States Government nor the
University of California nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights. Reference herein to any
specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation, or favoring by the United
States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government nor the University of
California, and shall not be used for advertising or product
endorsement purposes.

