TUCoPS :: Unix :: General :: ciaca14.txt

Additional on the vulnerability in the Unix DECODE alias 

________________________________________________________________________

                THE COMPUTER INCIDENT ADVISORY CAPABILITY



                                 CIAC



                        INFORMATION BULLETIN

________________________________________________________________________



Additional information on the vulnerability in the UNIX DECODE alias





January 23, 1990, 1130 PST                                      Number A-14



CIAC information bulletin A-13 described preliminary information about

a vulnerability in some versions of the UNIX operating system.  This

bulletin gives additional information and a procedure for patching

this vulnerability.



The UNIX operating system maintains a global mail aliases data base

used by the "sendmail" program to re-route electronic mail.  This

database file is contained in /usr/lib/aliases for most UNIX systems

(with exceptions noted below).  One standard alias delivered with some

versions of UNIX is "decode."  When mail is sent to "decode" at a UNIX

host, the message is re-routed to the program "uudecode", which will

translate a file that has been encoded with "uuencode".  There is a

vulnerability associated with this default alias, and CIAC maintains

that there is a strong possibility that this vulnerability has been or

is currently being exploited.



To determine if your UNIX system has this vulnerability, CIAC

recommends the following procedure:



1.      Find the global aliases file for your UNIX system.

Traditionally this file is kept in /usr/lib/aliases, but for some

systems such as SUN OS 4.X and ULTRIX 3.X systems it may be in

/etc/aliases.  If you do not have either of these files, it is

possible that you are not running the SENDMAIL program, and thus do

not have this vulnerability.  The global aliases file will be referred

to as <aliases> in the following steps.



2.      Determine if the decode alias is present in your global

aliases file.  To do this execute the command "grep decode <aliases>"

If this command results in nothing being displayed, your system does

not have a decode alias, and probably does not have this

vulnerability.  If you see a line such as 

'decode: "|/usr/bin/uudecode" ' or a similar line, proceed to step 3.



3.      Become a super-user for your system if you are not already

running as root.  Create a backup copy of the aliases file found in

step 1, and edit this file.  Insert a "#" at the beginning of the line

containing the decode alias.  The line should now read: 

'#decode: "|/usr/bin/uudecode" ' Save the file and exit.



4.      Assure that the ownership and permissions of this aliases file

are still set properly, by executing the command "ls -l <aliases>" The

line should begin with "-rw--r--r--" If this is not the case, run the

command "chmod 644 <aliases>"



5.      Once the aliases file has been altered, run the command

"newaliases" so that the changed aliases file will take effect.  The

vulnerability has now been closed.



If you do not wish to disable the DECODE alias, you can redirect

DECODE to postmaster.  In step 3 above, change the decode alias to

"decode: postmaster" Now mail to decode will be forwarded to

postmaster, allowing the designated postmaster to manually uudecode

the file if desired.  If neither of these solutions is appropriate for

your system, you may call CIAC for additional alternatives.



If you have questions, please contact CIAC.

 

        Tom Longstaff

        (415) 423-4416 or (FTS) 543-4416

        FAX: (FTS) 543-0913 or (415) 294-5054  



CIAC's business hours phone number is (415) 422-8193 or (FTS) 532-8193.  



CIAC's 24-hour emergency hot-line number is (415) 971-9384



or send e-mail to:  ciac@tiger.llnl.gov

 

Neither the United States Government nor the University of California

nor any of their employees, makes any warranty, express or implied, or

assumes any legal liability or responsibility for the accuracy,

completeness, or usefulness of any information, product, or process

disclosed, or represents that its use would not infringe privately

owned rights.  Reference herein to any specific commercial products,

process, or service by trade name, trademark manufacturer, or

otherwise, does not necessarily constitute or imply its endorsement,

recommendation, or favoring by the United States Government or the

University of California.  The views and opinions of authors expressed

herein do not necessarily state or reflect those of the United States

Government nor the University of California, and shall not be used for

advertising or product endorsement purposes.







TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH