
SUN MICROSYSTEMS SECURITY BULLETIN: #00121

Posted Jan 19, 1994

Patch advisory for Sun Microsystems. Please read for details.

SHA-256 | 4f7c27b45bf433e918f00ff8c93b38e966fe45bbb0500794213c541732a478fc

SUN MICROSYSTEMS SECURITY BULLETIN: #00121, 29 June 93

==============================================================================

ABOUT THIS BULLETIN

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun Microsystems expressly disclaims all liability for any misuse of
this information by any third party.
==============================================================================

BULLETIN TOPICS

I. New Patches
A. 101119-01 - SunOS 5.0 (Solaris 2.0): expreserve can be used to
overwrite any file
B. 101089-01 - SunOS 5.1 (Solaris 2.1): expreserve can be used to
overwrite any file
C. 101090-01 - SunOS 5.2 (Solaris 2.2): expreserve can be used to
overwrite any file

II. Related Patches
A. 101080-01 - SunOS 4.1, 4.1.1, 4.1.2, 4.1.3: expreserve can be used to
overwrite any file (Sun Security Bulletin #120, 10 June 1993)

III. Obtaining Patches

IV. Acknowledgments


SPECIAL NOTES:

1. The expreserve vulnerability is known to Sun to exist on SunOS 4.1,
4.1.1, 4.1.2, 4.1.3, 5.0/Solaris 2.0, 5.1/Solaris 2.1, and
5.2/Solaris 2.2.

2. Sun recommends that the expreserve utility be disabled immediately,
and that official Sun patches be installed to correct the problem.
To prevent use of the expreserve utility, execute the following
command as root:

/usr/bin/chmod a-x /usr/lib/expreserve

The expreserve command normally is used to recover vi editor files
when vi terminates unexpectedly. Disabling expreserve will disable
this recovery feature. Users of vi should be advised of this temporary
change and encouraged to save their work frequently.

3. Patch 101080-01, described in the Sun Security Bulletin #120 issued
10 June 1993, fixed the problem for SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3,
and is still available from the sources described below. The README
file does not refer to SunOS 4.1 because the patch was released before
applicability of the patch to 4.1 was confirmed.

4. Patches 101119-01, 101089-01, and 101090-01 fix the problem for
5.0/Solaris 2.0, 5.1/Solaris 2.1, and 5.2/Solaris 2.2, and are now
available from the sources described below.

5. Due to the extraordinary recent publicity surrounding this
vulnerability, Sun decided NOT to delay the release of the first (4.x)
patch until the other (Solaris) patches were ready. Sun especially
regrets any inconvenience resulting from the split release.
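
An added check for the workaround in special note 2 (not part of Sun's bulletin): it reports whether any execute bit remains on the utility, so the `chmod a-x` step can be confirmed and re-checked later. The function name `expreserve_state` is hypothetical; the setuid test reflects the assumption that the binary is installed setuid.

```shell
#!/bin/sh
# Added example, not from the bulletin. Reports the state of the expreserve
# binary after the recommended "chmod a-x" workaround.
#
# expreserve_state [PATH]
#   prints one of: absent | disabled | setuid-executable | executable
#   PATH defaults to /usr/lib/expreserve, the path named in the bulletin.
expreserve_state() {
    f=${1:-/usr/lib/expreserve}

    [ -e "$f" ] || { echo absent; return 0; }

    # POSIX find: "-perm -MODE" matches when every bit in MODE is set.
    # Check owner, group and other execute bits separately, because
    # "chmod a-x" must clear all three for the workaround to hold.
    anyx=$(find "$f" -prune \( -perm -100 -o -perm -010 -o -perm -001 \) -print)
    if [ -z "$anyx" ]; then
        echo disabled
        return 0
    fi

    # Assumption: the utility is installed setuid. An executable copy with
    # the setuid bit still set is the state the workaround is meant to remove.
    if [ -n "$(find "$f" -prune -perm -4000 -print)" ]; then
        echo setuid-executable
    else
        echo executable
    fi
}
```

Run `expreserve_state` with no argument on each affected host; anything other than `disabled` or `absent` on an unpatched system means the workaround is not in effect.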
==============================================================================

I. NEW PATCHES

A. Sun Patch ID: 101119-01, security problem with expreserve.
Sun Bug IDs: 1044909, 1083183
SunOS release: SunOS 5.0/Solaris 2.0
Synopsis: This patch fixes a problem in the expreserve program
which allows it to be used to overwrite any file. This
vulnerability can be used to obtain root access to the system.
Problem Description:
Bug 1044909 - race condition when file is created owned by root.
Bug 1083183 - expreserve can be used to overwrite any file.

Checksum of compressed tarfile 101119-01.tar.Z on ftp.uu.net:
BSD (on Solaris, /usr/ucb/sum; on 4.x, /bin/sum): 33222 27
SysV (on Solaris, /usr/bin/sum): 1839 54

B. Sun Patch ID: 101089-01, security problem with expreserve.
Sun Bug IDs: 1044909, 1083183
SunOS release: SunOS 5.1/Solaris 2.1
Synopsis: This patch fixes a problem in the expreserve program
which allows it to be used to overwrite any file. This
vulnerability can be used to obtain root access to the system.
Problem Description:
Bug 1044909 - race condition when file is created owned by root.
Bug 1083183 - expreserve can be used to overwrite any file.

Checksum of compressed tarfile 101089-01.tar.Z on ftp.uu.net:
BSD (on Solaris, /usr/ucb/sum; on 4.x, /bin/sum): 23443 27
SysV (on Solaris, /usr/bin/sum): 36631 54

C. Sun Patch ID: 101090-01, security problem with expreserve.
Sun Bug IDs: 1044909, 1083183
SunOS release: SunOS 5.2/Solaris 2.2
Synopsis: This patch fixes a problem in the expreserve program
which allows it to be used to overwrite any file. This
vulnerability can be used to obtain root access to the system.
Problem Description:
Bug 1044909 - race condition when file is created owned by root.
Bug 1083183 - expreserve can be used to overwrite any file.

Checksum of compressed tarfile 101090-01.tar.Z on ftp.uu.net:
BSD (on Solaris, /usr/ucb/sum; on 4.x, /bin/sum): 53431 27
SysV (on Solaris, /usr/bin/sum): 53432 54
==============================================================================

II. RELATED PATCHES

A. Sun Patch ID: 101080-01, security problem with expreserve.
Sun Bug IDs: 1044909, 1083183
SunOS release: SunOS 4.1, 4.1.1, 4.1.2, 4.1.3
Synopsis: This patch fixes a problem in the expreserve program
which allows it to be used to overwrite any file. This
vulnerability can be used to obtain root access to the system.
Problem Description:
Bug 1044909 - race condition when file is created owned by root.
Bug 1083183 - expreserve can be used to overwrite any file.

Checksum of compressed tarfile 101080-01.tar.Z on ftp.uu.net:
BSD (on Solaris, /usr/ucb/sum; on 4.x, /bin/sum): 45221 13
SysV (on Solaris, /usr/bin/sum): 1998 25

NOTE: This patch obsoletes patch 100251-01.
==============================================================================

III. OBTAINING PATCHES

Sun Microsystems recommends that all customers concerned with the security
of their SunOS system(s) obtain and install the patches that are applicable
to their computing environment.

All patches listed are available through your local Sun answer centers
worldwide. Please refer to the Bugid and Patchid when requesting patches
from Sun answer centers.

Sun also makes security patches available through anonymous FTP. In the US,
FTP to ftp.uu.net and obtain the patch from the /systems/sun/sun-dist
directory. In Europe, FTP to mcsun.eu.net and obtain the patch from the
~ftp/sun/fixes directory. (Note that Sun does not have direct access to
mcsun.eu.net and must request that patches be copied from ftp.uu.net to
mcsun.eu.net. Therefore, there may be a time lag before patches appear
on mcsun.eu.net.)
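
An added example (not part of Sun's bulletin) that checks a downloaded tarball against both `sum` values published above. It assumes a verifying host with GNU coreutils, where `sum -r` selects the BSD algorithm and `sum -s` the System V one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bulletin. Compares a downloaded patch tarball
# with the BSD and SysV `sum` values the bulletin publishes.
# Assumption: GNU coreutils `sum` (-r = BSD algorithm, -s = System V).

# Print "<checksum> <blocks>" with padding and leading zeros stripped, so the
# BSD output "08288     1" compares equal to a published "8288 1".
norm_sum() {    # $1 = -r | -s, $2 = file
    sum "$1" "$2" | awk '{ print $1 + 0, $2 + 0 }'
}

# verify_patch FILE "BSD_SUM BSD_BLOCKS" "SYSV_SUM SYSV_BLOCKS"
# Returns 0 only if both algorithms match; 1 on mismatch; 2 if unreadable.
# BSD counts 1024-byte blocks and SysV 512-byte blocks, which is why the
# bulletin lists 27 and 54 for the same file.
verify_patch() {
    file=$1 want_bsd=$2 want_sysv=$3
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    got_bsd=$(norm_sum -r "$file")
    got_sysv=$(norm_sum -s "$file")
    rc=0
    [ "$got_bsd" = "$want_bsd" ] ||
        { echo "BSD sum mismatch: got $got_bsd, want $want_bsd" >&2; rc=1; }
    [ "$got_sysv" = "$want_sysv" ] ||
        { echo "SysV sum mismatch: got $got_sysv, want $want_sysv" >&2; rc=1; }
    return $rc
}

# Look up the published values by tarball name (values copied from sections
# I and II of this bulletin). Returns 3 for a name the bulletin does not list.
verify_bulletin_patch() {
    case $(basename "$1") in
        101119-01.tar.Z) verify_patch "$1" "33222 27" "1839 54" ;;
        101089-01.tar.Z) verify_patch "$1" "23443 27" "36631 54" ;;
        101090-01.tar.Z) verify_patch "$1" "53431 27" "53432 54" ;;
        101080-01.tar.Z) verify_patch "$1" "45221 13" "1998 25" ;;
        *) echo "no published checksum for $1" >&2; return 3 ;;
    esac
}
```

Both algorithms are 16-bit checksums: a match shows the transfer was not corrupted, but it is not evidence against deliberate modification of the file.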
===========================================================================

IV. ACKNOWLEDGMENTS

Sun Microsystems acknowledges the CERT Coordination Center, the CIAC
Computer Security Technology Center, and Lawrence Livermore Laboratories
for their assistance in the resolution of the expreserve problem.
===========================================================================

Mark G. Graff
Software Security Coordinator
Sun Microsystems, Inc.

(Please address e-mail replies or inquiries to: "security-alert@Sun.COM".)