**************************************************************************
Security Bulletin 9219 DISA Defense Communications System
July 22, 1992 Published by: DDN Security Coordination Center
(SCC@NIC.DDN.MIL) 1-(800) 365-3642
DEFENSE DATA NETWORK
SECURITY BULLETIN
The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, and concerns
to security and management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest". The bulletin pathname is
scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. scc/ddn-security-9219).
**************************************************************************
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
! !
! The following important advisory was issued by the Computer !
! Emergency Response Team (CERT) and is being relayed unedited !
! via the Defense Information Systems Agency's Security !
! Coordination Center distribution system as a means of providing !
! DDN subscribers with useful security information. !
! !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
===========================================================================
CA-92:15 CERT Advisory
July 21, 1992
Multiple SunOS Vulnerabilities Patched
---------------------------------------------------------------------------
The CERT/CC (Computer Emergency Response Team/Coordination Center) has
received information concerning several vulnerabilities in the Sun
Microsystems, Inc. (Sun) operating system (SunOS). These vulnerabilities
affect all architectures and supported versions of SunOS including 4.1,
4.1.1, and 4.1.2 on sun3, sun3x, sun4, sun4c, and sun4m. The patches have
been released as upgrades to three existing patch files.
Since application of these patches involves rebuilding your system kernel
file (/vmunix), it is recommended that you apply all patches simultaneously.
Use the procedure described below to apply the patches and rebuild the kernel.
Sun has provided patches for these vulnerabilities as updates to
Patch IDs 100173, 100376, and 100567. They are available through your local
Sun Answer Centers worldwide as well as through anonymous ftp from the
ftp.uu.net (137.39.1.9) system (in the /systems/sun/sun-dist directory).
Fix Patch ID Filename Checksum
NFS Jumbo 100173-08 100173-08.tar.Z 32716 562
Integer mul/div 100376-04 100376-04.tar.Z 12884 100
ICMP redirects 100567-02 100567-02.tar.Z 23118 13
Please note that Sun Microsystems sometimes updates patch files. If you
find that the checksum is different, please contact Sun Microsystems or CERT
for verification.
---------------------------------------------------------------------------
NFS jumbo patch upgrade, SunOS 4.1, 4.1.1, 4.1.2, all architectures
I. Description
The upgrade to the NFS Jumbo patch addresses a vulnerability that
allows an intruder to become root using NFS. This vulnerability
affects all architectures and supported versions of SunOS.
II. Impact
A remote user may exploit this vulnerability to gain root access.
III. Solution
Extract the new files to be installed in the kernel.
Install the patch files in /sys/`arch -k`/OBJ as described in the
README file included in the patch file. Be sure to make a backup
of each file you are replacing before moving the patched file to the
/sys/`arch -k`/OBJ directory.
Config, make, and install the new kernel to include all patches
described in this advisory, as appropriate to your system. Reboot
each host using the appropriate kernel. Refer to the Systems and
Network Administration manual for instructions on building and
configuring a new custom kernel.
Integer mul/div patch upgrade, SunOS 4.1, 4.1.1, 4.1.2, SPARC architectures
I. Description
The integer mul/div patch upgrade addresses an additional problem with
the integer multiplication emulation code on SPARC architectures. The
current code allows an intruder to become root. This vulnerability
affects SPARC architectures (sun4, sun4c, and sun4m) for all supported
versions of SunOS (4.1, 4.1.1, and 4.1.2).
II. Impact
A local user may exploit a bug in the emulation routines to gain
root access or crash the system.
III. Solution
Extract the new files to be installed in the kernel. Note that
this patch applies only to SPARC architectures.
Install the patch files in /sys/`arch -k`/OBJ as described in the
README file included in the patch file. Be sure to make a backup
of each file you are replacing before moving the patched file to the
/sys/`arch -k`/OBJ directory.
As appropriate to your system, config, make, and install the new kernel
to include all patches described in this advisory. Reboot each host
using the appropriate kernel. Refer to the Systems and Network
Administration manual for instructions on building and configuring a
new custom kernel.
ICMP redirects patch upgrade, SunOS 4.1, 4.1.1, 4.1.2, all architectures
I. Description
The ICMP redirects patch addresses a denial of service vulnerability
with SunOS that allows an intruder to close existing network
connections to and from a Sun system. This vulnerability affects all
Sun architectures and supported versions of SunOS.
II. Impact
A remote user may deny network services on a Sun system.
III. Solution
Extract the new file to be installed in the kernel (the patch is
the same for all supported versions of SunOS).
Install the patch files in /sys/`arch -k`/OBJ as described in the
README file included in the patch file. Be sure to make a backup
of each file you are replacing before moving the patched file to the
/sys/`arch -k`/OBJ directory.
As appropriate to your system, config, make, and install the new kernel
to include all patches described in this advisory . Reboot
each host using the appropriate kernel. Refer to the Systems and
Network Administration manual for instructions on building and
configuring a new custom kernel.
---------------------------------------------------------------------------
The CERT/CC wishes to thank Helen Rose of the EFF, Gordon Irlam of the
University of Adelaide, Wietse Venema of Eindhoven University, and Ken
Pon at Sun Microsystems, Inc for their assistance.
---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC or
your representative in FIRST (Forum of Incident Response and Security Teams).
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
on call for emergencies during other hours.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous ftp
from cert.org (192.88.209.5).
****************************************************************************
* *
* The point of contact for MILNET security-related incidents is the *
* Security Coordination Center (SCC). *
* *
* E-mail address: SCC@NIC.DDN.MIL *
* *
* Telephone: 1-(800)-365-3642 *
* *
* NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, *
* Monday through Friday except on federal holidays. *
* *
****************************************************************************
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
