f-01.ciac-SGI-IRIX-serial-ports
6fe325ba66f1892ddd720f28f48546b8faea564b706d6e16a4801a157ceb2a4b
_____________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
_____________________________________________________
ADVISORY NOTICE
SGI IRIX serial_ports Vulnerability
October 4, 1994 1600 PDT Number F-01
_____________________________________________________________________________
PROBLEM: A vulnerability exists in /usr/lib/vadmin/serial_ports.
PLATFORM: SGI IRIX Version 4.X and 5.X.
DAMAGE: Unauthorized users can elevate their privileges to root.
SOLUTION: Change the permissions on /usr/lib/vadmin/serial_ports.
_____________________________________________________________________________
VULNERABILITY An exploitation script for this vulnerability has been widely
ASSESSMENT: distributed on the Internet. Affected sites should install
this fix as soon as possible.
_____________________________________________________________________________
Critical Information about IRIX serial_ports
CIAC has received information about a vulnerability in the Silicon Graphics
IRIX operating system. The file /usr/lib/vadmin/serial_ports contains a
vulnerability which can allow a non-privileged user to become root.
IRIX Version 4.X
This program is used to set up serial ports in IRIX Version 4.X. CIAC
strongly recommends that the permissions on this file be modified
by performing the following command as root:
# /bin/chmod 700 /usr/lib/vadmin/serial_ports
This will remove the vulnerability. Since this program is used only to
configure the serial ports on an IRIX 4.X system, changing the permissions
will not affect any functionality of the system involved.
IRIX Version 5.X
This program is not used in IRIX Version 5.X, but the vulnerability may be
present if the method used to upgrade from Version 4.X did not remove the
file. CIAC strongly recommends that if you are running Version 5.X check to
see if /usr/lib/vadmin/serial_ports is present on your system, and if it is,
delete it. The equivalent program /usr/Cadmin/bin/cports on Version 5.X of
IRIX does not exhibit the vulnerability.
SGI has requested that CIAC include their internal Advisory number for this
vulnerability to assist anyone contacting them. This number is
19941001-01-P.
_____________________________________________________________________________
CIAC wishes to thank the AUSCERT and Silicon Graphics, Inc. for their quick
response to this problem.
_____________________________________________________________________________
For additional information or assistance, please contact CIAC:
Voice: 510-422-8193
FAX: 510-423-8002
STU-III: 510-423-2604
E-mail: ciac@llnl.gov
Previous CIAC Bulletins and other information are available via anonymous FTP
from ciac.llnl.gov (IP address 128.115.19.53).
CIAC has several self-subscribing mailing lists for electronic publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical
information, and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI)
software updates, new features, distribution and availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the use of
SPI products.
CIAC's mailing lists are managed by a public domain software package called
ListProcessor, which ignores E-mail header subject lines. To subscribe (add
yourself) to one of our mailing lists, send the following request as the
E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or
SPI-NOTES for "list-name" and valid information for "LastName" "FirstName"
and "PhoneNumber" when sending
E-mail to ciac-listproc@llnl.gov:
subscribe list-name LastName, FirstName PhoneNumber
e.g., subscribe ciac-notes O'Hara, Scarlett 404-555-1212 x36
You will receive an acknowledgment containing address, initial PIN, and
information on how to change either of them, cancel your subscription, or get
help.
_____________________________________________________________________________
PLEASE NOTE: Many users outside of the DOE and ESnet computing communities
receive CIAC bulletins. If you are not part of these communities, please
contact your agency's response team to report incidents. Your agency's team
will coordinate with CIAC. The Forum of Incident Response and Security Teams
(FIRST) is a world-wide organization. A list of FIRST member organizations
and their constituencies can be obtained by sending E-mail to
first-request@first.org with an empty subject line and a message body
containing the line: send first-contacts.
This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, product, or
process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government nor the University of California, and
shall not be used for advertising or product endorsement purposes.