TUCoPS :: SunOS/Solaris :: 9126.txt

SunOS OpenWindows V3.0 Patch

**************************************************************************
Security Bulletin 9126                  DISA Defense Communications System
19 December 1991            Published by: DDN Security Coordination Center
                                      (SCC@NIC.DDN.MIL)   1-(800) 365-3642

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN  SECURITY BULLETIN is distributed  by the  DDN SCC  (Security
Coordination Center) under DISA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [192.112.36.5]
using login="anonymous" and password="guest".  The bulletin pathname is
SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9126).
**************************************************************************

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!     The following important  advisory was  issued by the Computer     !
!     Emergency Response Team (CERT)  and is being relayed unedited     !
!     via the Defense Information Systems Agency's Security             !
!     Coordination Center  distribution  system  as a  means  of        !
!     providing  DDN subscribers with useful security information.      !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

===========================================================================
CA-91:22                     CERT Advisory
                           December 16, 1991
                     SunOS OpenWindows V3.0 Patch
---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability in Sun Microsystems,
Inc. (Sun) OpenWindows version 3.0.  This vulnerability exists on all
sun4 and sun4c architectures running SunOS 4.1.1.

Sun has provided a patch for this vulnerability.  It is available
through your local Sun Answer Center as well as through anonymous ftp
from the ftp.uu.net (192.48.96.2) system in the /sun-dist directory.

Fix                     PatchID        Filename            Checksum
loadmodule              1076118        100448-01.tar.Z     04354  5

Please note that Sun will occasionally update patch files.  If you
find that the checksum is different please contact Sun or the CERT/CC
for verification.

---------------------------------------------------------------------------

I.   Description

     An OpenWindows, version 3, setuid program (loadmodule(8)) can be
     exploited to execute a user's program using the effective UID of root.


II.  Impact

     This vulnerability allows a local user to gain root access.


III. Solution

     Obtain the patch from Sun or from ftp.uu.net and install, following the
     provided instructions.

     As root:

     1. Move the existing loadmodule aside.

        # mv $OPENWINHOME/bin/loadmodule $OPENWINHOME/bin/loadmodule.orig
        # chmod 400 $OPENWINHOME/bin/loadmodule.orig

     2. Copy the new loadmodule into the OpenWindows bin directory.

        # cp sun4/loadmodule $OPENWINHOME/bin/loadmodule
        # chown root $OPENWINHOME/bin/loadmodule
        # chmod 4755 $OPENWINHOME/bin/loadmodule

     See the README file provided with the patch for more information.
---------------------------------------------------------------------------
The CERT/CC wishes to thank Ken Pon at Sun Microsystems, Inc. for alerting
us to this vulnerability.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline:
           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST(GMT-5)/EDT(GMT-4),
           on call for emergencies during other hours.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories and other information related to computer security are
available for anonymous ftp from the cert.sei.cmu.edu (192.88.209.5)
system.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH