e-01.sun-sendmail-tar-audio-vul
2f5b96aef2dda2af229585decc4ef8c2f976ebd9dc8044784b69895733c02def _____________________________________________________
The Computer Incident Advisory Capability
___ __ __ _ ___
/ | / \ /
\___ __|__ /___\ \___
_____________________________________________________
ADVISORY NOTICE
(1) Security vulnerability in sendmail under SunOS 4.1.x and 5.x
(2) Security vulnerability in tar under SunOS 5.x
(3) Potential misuse of Sun microphones
October 21, 1993 1130 PDT Number E-01
__________________________________________________________________________
(1) Security vulnerability in sendmail under SunOS 4.1.x and 5.x
PROBLEM: Remote users may access system files using sendmail.
PLATFORM: SunOS 4.1.x and SunOS 5.x (Solaris 2.x).
DAMAGE: Unauthorized access to system files.
SOLUTION: Apply appropriate patch from Sun.
__________________________________________________________________________
Critical Information about Security Vulnerability in sendmail
The /usr/lib/sendmail utility under SunOS 4.1.x and SunOS 5.x permits
unauthorized access to some system files by remote users. This access may
allow compromise of the system. Note that this vulnerability is being
actively exploited. CIAC strongly recommends that sites take immediate
corrective action.
Sun Microsystems has released patched versions of the sendmail program
for all affected versions of SunOS:
BSD SVR4
System Patch ID Filename Checksum Checksum
----------- --------- --------------- --------- ----------
SunOS 4.1.x 100377-07 100377-07.tar.Z 36122 586 11735 1171
SunOS 5.1 100840-03 100840-03.tar.Z 01153 194 39753 388
SunOS 5.2 101077-03 101077-03.tar.Z 49343 177 63311 353
The checksums shown above are from the BSD-based checksum (on SunOS 4.1.x,
/bin/sum; on SunOS 5.x, /usr/ucb/sum) and from the SVR4 version that Sun
has released on SunOS 5.x (/usr/bin/sum).
Individuals with support contracts may obtain these patches from their
local Sun Answer Center or from SunSolve Online. Security patches are
also available without a support contract via anonymous FTP from
ftp.uu.net (IP 192.48.96.9) in the directory /systems/sun/sun-dist.
__________________________________________________________________________
(2) Security vulnerability in tar under SunOS 5.x
PROBLEM: Archives created with the tar utility contain extraneous
user information.
PLATFORM: SunOS 5.x (Solaris 2.x).
DAMAGE: User and system information may be unintentionally disclosed.
SOLUTION: Apply appropriate patch from Sun.
__________________________________________________________________________
Critical Information about Security Vulnerability in tar
Archive files created with the /bin/tar utility under SunOS 5.x contain
extraneous user information from the /etc/passwd and /etc/group files.
Note that the extraneous data does not include user passwords; however,
system configuration and user information may be unintentionally disclosed
should the archive files be distributed.
Sun Microsystems has released patched versions of the tar utility for all
affected versions of SunOS. The patched tar utility produces archive
files in the same format as all other versions; but any extraneous data is
set to zero. Restoring an existing archive file to disk, and then creating
a new file with the patched tar, will result in a clean archive file with
no extraneous data.
BSD SVR4
System Patch ID Filename Checksum Checksum
--------- --------- --------------- --------- ---------
SunOS 5.1 100975-02 100975-02.tar.Z 37034 374 13460 747
SunOS 5.2 101301-01 101301-01.tar.Z 22089 390 4703 779
The checksums shown above are from the BSD-based checksum (on SunOS 4.1.x,
/bin/sum; on SunOS 5.x, /usr/ucb/sum) and from the SVR4 version that Sun
has released on SunOS 5.x (/usr/bin/sum).
Individuals with support contracts may obtain these patches from their
local Sun Answer Center or from SunSolve Online. Security patches are
also available without a support contract via anonymous FTP from
ftp.uu.net (IP 192.48.96.9) in the directory /systems/sun/sun-dist.
__________________________________________________________________________
(3) Potential misuse of Sun microphones
PROBLEM: Microphones on Sun workstations may be used for eavesdropping.
PLATFORM: SunOS 4.1.x and SunOS 5.x (Solaris 2.x).
DAMAGE: Access to conversations held near the computer.
SOLUTION: Disconnect microphone or apply software solution described
below.
__________________________________________________________________________
Critical Information about Misuse of Sun Microphones
Sun Microsystems has released information regarding the potential for
microphones attached to Sun workstations to be used to eavesdrop on
conversations near the computer. Software solutions to reduce the risk
are described below. Note, however, that CIAC strongly recommends
microphones on systems in sensitive areas be either physically switched
off or disconnected from the system.
The initial permissions for the audio data device, /dev/audio, allow any
user with an account on the system to listen with the microphone when it
is turned on. Also, the permissions for the audio control device,
/dev/audioctl, allow anyone to vary playback and record settings such as
volume.
Unauthorized use of the system's audio devices may be prevented by
changing the permissions and ownership of /dev/audio and /dev/audioctl.
On SunOS 4.x systems, the /etc/fbtab file may be used to automatically
control access to the audio devices. As root, add the following lines
to the end of the fbtab file:
/dev/console 0600 /dev/audio
/dev/console 0600 /dev/audioctl
On SunOS 5.x (Solaris 2.x) systems, the file permissions must be manually
changed. As root, execute the following commands, specifying the username
of the individual that should have access to the microphone:
# chmod 600 /dev/audio*
# chown <desired username> /dev/audio*
______________________________________________________________________
CIAC would like to thank Mark Graff and Sun Microsystems, Inc. for the
information used in this bulletin.
______________________________________________________________________
For additional information or assistance, please contact CIAC at
(510) 422-8193 or send E-mail to ciac@llnl.gov. FAX messages to
(510) 423-8002.
Previous CIAC Bulletins and other information are available via anonymous
FTP from irbis.llnl.gov (IP address 128.115.19.60).
PLEASE NOTE: Many users outside of the DOE and ESnet computing communities
receive CIAC bulletins. If you are not part of these communities, please
contact your agency's response team to report incidents. Your agency's team
will coordinate with CIAC. The Forum of Incident Response and Security Teams
(FIRST) is a world-wide organization. A list of FIRST member organizations
and their constituencies can be obtained by sending email to
docserver@first.org with an empty subject line and a message body containing
the line: send first-contacts.
This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, product, or
process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government nor the University of California, and
shall not be used for advertising or product endorsement purposes.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed