|
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-94:05 Original issue date: March 18, 1994 Last revised: August 30, 1996 Information previously in the README was inserted into the advisory. Updated URL format. A complete revision history is at the end of this file. Topic: MD5 Checksums - ----------------------------------------------------------------------------- This advisory gives the MD5 checksums for a number of SunOS files, along with a tool for checking them. The checksums can be used to assure the integrity of those files. The CERT Coordination Center is distributing these checksums because of an increasing number of incidents in which intruders who gain root access are modifying system files to install Trojan horses. Moreover, intruders are modifying files so that they have the same checksum as the original file. This is possible because the standard "sum" program that comes with most UNIX systems was designed to detect accidental modifications to files and is not strong enough to prevent deliberate attempts to yield a specific checksum. The MD5 algorithm by RSA Data Security, Inc. is specifically designed to provide checksums that cannot be deliberately spoofed. We strongly recommend that sites install the MD5 software and use it to validate system software. More information on obtaining MD5 is given below. The list of checksums in Appendix B of this advisory is provided for your convenience. In addition, we are providing a program that can assist you in checking your MD5 output against the values in the database. This checksum list is not complete. We have begun with a number of the more common locations for Trojan horses that we have seen in connection with the continuing "sniffer" attacks reported in CA-94:01 "Ongoing Network Monitoring Attacks." We intend to work with all vendors to expand this list and make more MD5 checksums widely available for anonymous FTP. Note: After we publish checksums in advisories, files are sometimes updated at individual locations because of system upgrades or patch installation. For current MD5 checksum values, we recommend that you check with your vendor. We encourage sites to consider installing a more complete package for monitoring system integrity, such as Tripwire from the COAST project ftp://ftp.cs.purdue.edu/ or the TIGER system from TAMU ftp://net.tamu.edu/pub/security/TAMU/ - ----------------------------------------------------------------------------- I. Description Intruders are installing Trojan horses by modifying system files often in such a way that a standard checksum on the file generates the same checksum as the unaltered version. II. Impact The Trojan horses give the intruder continued access to a system and/or hide the intruder's activities. III. Solution 1. Obtain and install MD5. The MD5 algorithm is in the public domain, and there are several programs available that implement it. The algorithm is documented in RFC 1321, which is available from many archives including the "/rfc" directory in the anonymous FTP archive at ds.internic.net. RFC 1321 itself includes source code for implementing the algorithm. For convenience, that source has been extracted and made available for anonymous FTP on info.cert.org in the "pub/tools/md5" directory. 2. Run the "md5check" program listed in Appendix A of this advisory. This program will check a number of system files and note for each one whether the checksum did or did not match the checksum of a legitimate version. If the checksum does match, you can be confident that particular file has not been modified by an intruder. Note this does not mean the file is the most recent version for your system - only that it was in fact distributed by Sun. If the checksum DOES NOT match, consider these possible reasons: 1) The file may be legitimate but not included in this database. (Remember, the database is not complete.) To check this possibility, compare the file against the original distribution media. You may want to add the correct checksum to your copy of the database. 2) You may have made local modifications to the file at your site. To check this possibility, compare the file to a known good version. You may want to add the correct checksum to your copy of the database. 3) The file may be a Trojan horse installed by an intruder. We encourage you to replace this file with a known good version, and check for additional signs of compromise. .............................................................................. Appendix A: "md5check" The following program is a "nawk" script that can be run against the list of checksums "md5_sun.v1" in Appendix B: % nawk -f md5check md5_sun.v1 This program along with a man page and the database below, are available by anonymous FTP from info.cert.org in the "pub/tools/md5check" directory. Filename MD5 Checksum -------- ----------------------------- md5check 99108ab5a6007164a910626bbcc5888f md5_sun.v1 780a0f1f3717819c59135716e5f6a1ce - ------- Cut Here ------- # "md5check" version 1 (3/17/94) BEGIN { FS = "[ \t]*:[ \t]*"; } # Print notices from the configuration file /^##/ { print substr ($0, 3); next; } # Only handle MD5 checksums currently /^md5/ { source = sprintf("%-7s %-8s %-6s %s", $2, $3, $5, $4); file = $6; sum = hex_lower($7); if (md5[file] == "") { print "Checking", file; testcmd = "test -r " file; if ( system(testcmd) != 0 ) { print " Could not open", file; md5[file] = "x"; next; } else { md5cmd = "md5 " file md5cmd | getline md5[file]; close (md5cmd); # Strip off any leading text and set to lowercase sub(".*[ \t]", "", md5[file]); md5[file] = hex_lower(md5[file]); } } if (md5[file] == "x" || file in matched) { # Could not open or already matched next; } if (md5[file] == sum) { # We have a match - remember which one matched[file] = source; num_match++; if (file in not_matched) { num_no_match--; delete not_matched[file]; } } else { if (! (file in not_matched)) { num_no_match++; not_matched[file] = 1; } } } END { printf "\n%d files DID NOT MATCH a known checksum\n", num_no_match; printf "%d files did match a known checksum\n", num_match; print "\nThe following files DID NOT MATCH a known checksum"; for (filename in not_matched) { printf "\t%s\n", filename; } print "\nThe following files did match a known checksum"; for (filename in matched) { printf "\t%s\n\t\t%s\n", filename, matched[filename]; } } function hex_lower(s) { gsub("A","a",s); gsub("B","b",s); gsub("C","c",s); gsub("D","d",s); gsub("E","e",s); gsub("F","f",s); return s } - ------- Cut Here ------- .............................................................................. Appendix B: Checksums from Vendors Note: After we publish checksums in advisories, files are sometimes updated at individual locations because of system upgrades or patch installation. For current MD5 checksum values, we recommend that you check with your vendor. Hewlett-Packard Company ======================= To obtain a copy of the HP SupportLine mail service user's guide, send the following (in the TEXT PORTION OF THE MESSAGE to) to the HP SupportLine mail service. To: support@support.mayfield.hp.com Message Text: send guide.txt To obtain a patch identified within this Security Bulletin, send the following (in the TEXT PORTION OF THE MESSAGE) to the HP SupportLine mail service. To: support@support.mayfield.hp.com Message Text: send xxxxxxxxxxxx (where xxxxxxxxxxxx represents the specified patch name). If you have concerns about security issues, please forward them to: security-alert@hp.com The security-alert node is monitored during working hours Pacific Daylight Time by multiple HP Security Response Team personnel. We reply to your message only if necessary to obtain additional information. Solbourne (Grumman Systems Support) =================================== A list of MD5 checksums for Solbourne (Grumman Systems Support) executables under 4.1C is available via anonymous ftp from ftp.nts.gssc.com in directory /pub/docs/, files usr.etc.md5 and bin.md5. These include the files referred to in the advisory. The MD5 checksums for these executables are included below: MD5 (bin.md5) = cf3b3d8447ae19fa7e1741939fe82ea9 MD5 (bin.md5.41b) = 7e0c1ae26eda72f1791e235ab244ae44 MD5 (usr.etc.md5) = 1727d1705cc7750b7848df60a4b5788e MD5 (usr.etc.md5.41b) = 7e02c01cc47ec469c3210a8fabb012ff Sun Microsystems, Inc. ====================== ## Checksum Table for Selected SunOS Binary Files (v1: 3/17/94) ## ## PLEASE NOTE: The entries included in this table do not represent complete ## coverage of all released versions of these files. ## In particular, checksum data for outdated patch releases is ## limited. ## ## Failure to match a checksum for a given file does not ## necessarily indicate the presence of a Trojan binary. ## Failure indicates that the file's checksum did not match any ## contained in this table. The file's authenticity should be ## verified against distribution media or local modifications. ## ## Success at matching a file's checksum indicates that the ## corresponding file is free from tampering. ## # (MD5 is the RSA Data Security, Inc. Message Digest Algorithm) # # format of data # # XSUMTYPE:OSNAME:OSVERSION:SOURCE:ARCH:FILE:XSUM #/bin/login md5:SunOS:4.1:100201-06:sun3:/bin/login:00d95a04ecce2193b9c6e16516d37855 md5:SunOS:4.1:100201-06:sun4:/bin/login:e746fed42be0433a53cce082acfee23c md5:SunOS:4.1:100630-01:sun3:/bin/login:11d5ed4445face25642100ec0ab1ed3c md5:SunOS:4.1:100630-01:sun4:/bin/login:b6d013403c54949c0e476afd966ef261 md5:SunOS:4.1.1:Original Dist:sun3:/bin/login:073d378264f25245c154be8a12f208e9 md5:SunOS:4.1.1:Original Dist:sun4:/bin/login:92611eb1ef1f221c1e9c76db8da44a99 md5:SunOS:4.1.1:100201-06:sun3:/bin/login:00d95a04ecce2193b9c6e16516d37855 md5:SunOS:4.1.1:100201-06:sun4:/bin/login:e746fed42be0433a53cce082acfee23c md5:SunOS:4.1.1:100630-01:sun3:/bin/login:11d5ed4445face25642100ec0ab1ed3c md5:SunOS:4.1.1:100630-01:sun4:/bin/login:b6d013403c54949c0e476afd966ef261 md5:SunOS:4.1.1:100632-06:sun4:/bin/login:12c4b39cb94b8dcdad0a10e1c59345c6 md5:SunOS:4.1.1:100633-01:sun4:/bin/login:9634cda7a353d0043a22ad2b0eebaab2 md5:SunOS:4.1.2:Original Dist:sun4:/bin/login:637503c0e2b46791820609d87629db91 md5:SunOS:4.1.2:100630-01:sun4:/bin/login:b6d013403c54949c0e476afd966ef261 md5:SunOS:4.1.2:100631-01:sun3:/bin/login:65d1e270fbb13984f5e0036b9e4a1011 md5:SunOS:4.1.2:100631-01:sun4:/bin/login:976a0431dbd23ec1535c1679e215095b md5:SunOS:4.1.2:100632-06:sun4:/bin/login:12c4b39cb94b8dcdad0a10e1c59345c6 md5:SunOS:4.1.2:100633-01:sun4:/bin/login:9634cda7a353d0043a22ad2b0eebaab2 md5:SunOS:4.1.3:100630-02:sun3:/bin/login:11d5ed4445face25642100ec0ab1ed3c md5:SunOS:4.1.3:100630-02:sun4:/bin/login:b6d013403c54949c0e476afd966ef261 md5:SunOS:4.1.3:100632-06:sun4:/bin/login:12c4b39cb94b8dcdad0a10e1c59345c6 md5:SunOS:4.1.3:Original Dist:sun4:/bin/login:e88e84d228d05e8f54a0d57d62d0710d md5:SunOS:4.1.3c:Original Dist:sun4:/bin/login:e88e84d228d05e8f54a0d57d62d0710d md5:SunOS:4.1.3_u1:Original Dist:sun4:/bin/login:4e437a85e05f886ff5082ac58108d882 #/usr/kvm/ps md5:SunOS:4.1.1:Original Dist:sun3x:/usr/kvm/ps:ac96820499c2da78d65700e230f66df2 md5:SunOS:4.1.1:Original Dist:sun3:/usr/kvm/ps:b4633eed82815a233d2ca8d8df8d655e md5:SunOS:4.1.1:Original Dist:sun4:/usr/kvm/ps:390ef406ba27b1d591ba6f281986369b md5:SunOS:4.1.1:Original Dist:sun4c:/usr/kvm/ps:cb58a8259ff580389b115b7861793b48 md5:SunOS:4.1.2:Original Dist:sun4:/usr/kvm/ps:efca4ca10a088e557c6c69695dadcfa6 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/kvm/ps:9d489c87d709a540aced718a04e38e11 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/kvm/ps:e9e364f3936a5b16d7e2fb812d11e475 md5:SunOS:4.1.2:100981-02:sun4:/usr/kvm/ps:86b8b5eb7212c94c9c570cd20c9af2ae md5:SunOS:4.1.2:100981-02:sun4c:/usr/kvm/ps:4871287498c0ab7b17d97848ebe34d15 md5:SunOS:4.1.2:100981-02:sun4m:/usr/kvm/ps:97cc063bafa6aaf032cb1b67b444c5a8 md5:SunOS:4.1.3:Original Dist:sun4:/usr/kvm/ps:226ab466429f5d4de4f6a108bae1c518 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/kvm/ps:83b369e5d8c34db4d5d6725140d0b216 md5:SunOS:4.1.3:100981-02:sun4:/usr/kvm/ps:a4809a70e66b415bae8a165dc4ffb185 md5:SunOS:4.1.3:100981-02:sun4c:/usr/kvm/ps:cf10e206de67755e801e4c9d96c239a9 md5:SunOS:4.1.3:100981-02:sun4m:/usr/kvm/ps:d6237550748855bee17ce96465cd1331 md5:SunOS:4.1.3_u1:Original Dist:sun4m:/usr/kvm/ps:92c3b1495ab80446ddb6979c890cee58 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/kvm/ps:b14b75017dfe75ea1b89d147c6b49cb7 md5:SunOS:4.1.3_u1:Original Dist:sun4c:/usr/kvm/ps:e24eab973f1b1cfd6bf5b54310a2207f md5:SunOS:4.1.3_u1:101442-01:sun4:/usr/kvm/ps:174731efb18020dacde9f205ad04a4bf #/usr/etc/in.telnetd md5:SunOS:4.0.3:100125-05:sun3:/usr/etc/in.telnetd:dce91901f9fd15f7f6f6c94fb7824428 md5:SunOS:4.0.3:100125-05:sun4:/usr/etc/in.telnetd:2e67031ad7984c22cfacc8a0b4c3d6ee md5:SunOS:4.0.3c:100125-05:sun4c:/usr/etc/in.telnetd:943574a9befb9fac3fce2fc111f68d51 md5:SunOS:4.1:100125-05:sun3:/usr/etc/in.telnetd:2544753907d24a699c9cdfddcab0d2e3 md5:SunOS:4.1:100125-05:sun3x:/usr/etc/in.telnetd:3af506b9b02b6a299f5e081c3abfce1f md5:SunOS:4.1:100125-05:sun4:/usr/etc/in.telnetd:5448303462518cca8390a84b5f312abe md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.telnetd:333ffc49f21e675f3099772661549b7d md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.telnetd:7706ba7270a28f3470ccbe965f8fc7a1 md5:SunOS:4.1.1:100125-05:sun3:/usr/etc/in.telnetd:c4dca8a653f60feaed63a25786aee2ed md5:SunOS:4.1.1:100125-05:sun3x:/usr/etc/in.telnetd:6c409bd315711aae29b8285ffc4bb90c md5:SunOS:4.1.1:100125-05:sun4:/usr/etc/in.telnetd:29f24e09ffebc36fb14f9fee4bf2d6fc md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.telnetd:333ffc49f21e675f3099772661549b7d md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.telnetd:913095f91bbf06e98635f964951e0e2d md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.telnetd:b94ac90e4fe63f1c7a0199a27a7c4d80 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.telnetd:b94ac90e4fe63f1c7a0199a27a7c4d80 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.telnetd:503be2c540d03281fdada476d5b0b247 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.telnetd:831c59628b1197c612f19289a786eaeb #/usr/etc/ifconfig md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/ifconfig:0da82be29c7173759316f51417fb420a md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/ifconfig:47d6e495207cc2b7037bd94a12cf565b md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/ifconfig:de44e217c94fa4f4c6fdfbcae419cb8b md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/ifconfig:de44e217c94fa4f4c6fdfbcae419cb8b md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/ifconfig:c9fe06259a49a58edfc6f1fe68665990 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/ifconfig:22d9340368aec82ebdd63518613bc6ab #/usr/lib/libc.a md5:SunOS:4.1.1:100267-09:sun3:/usr/5lib/libc.a:af8a721ca332754cdff2a1f1b74b8e8f md5:SunOS:4.1.1:100267-09:sun3:/usr/5lib/libc_p.a:1b930986afb11494b4e1e0fd4f9540b0 md5:SunOS:4.1.1:100267-09:sun3:/usr/lib/libc.a:6b0ff2e11f3042d453ee502787ac29d7 md5:SunOS:4.1.1:100267-09:sun3:/usr/lib/libc_p.a:ad9bd3c42db06fb0c45674eaafc5c4f8 md5:SunOS:4.1.1:100267-09:sun4:/usr/5lib/libc.a:8c396b0695abb59fea66bc6615d9f101 md5:SunOS:4.1.1:100267-09:sun4:/usr/5lib/libc_p.a:d98a993e3f6c308f3679690dd4f5e8d7 md5:SunOS:4.1.1:100267-09:sun4:/usr/lib/libc.a:da7c2504a1cb5073d7e9bb7de580db32 md5:SunOS:4.1.1:100267-09:sun4:/usr/lib/libc_p.a:9879d72df71d9956f62f058ddf70d0f8 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/5lib/libc.a:4daced1b11335f613bf7a5792bfeff77 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/5lib/libc_p.a:bd2037193776678e48324f523064b95b md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/lib/libc.a:ae4bcb481e7267c1def082ed6acf4bd9 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/lib/libc_p.a:696c03eb30c696b712f38907d3c2ee45 md5:SunOS:4.1.1:Original Dist:sun4:/usr/5lib/libc.a:68686e4ed99b5dcf98ac4e3350ff6645 md5:SunOS:4.1.1:Original Dist:sun4:/usr/lib/libc.a:cbba2b6e294f0087a0b9116290946d46 md5:SunOS:4.1.1:Original Dist:sun3:/usr/5lib/libc.a:89b9040707c28810554dfaca6993e7d0 md5:SunOS:4.1.1:Original Dist:sun3:/usr/lib/libc.a:15d385b850be70a30077e66b67dc5f09 md5:SunOS:4.1.2:Original Dist:sun4:/usr/5lib/libc.a:e7ab3d2658611114833f25a4279db158 md5:SunOS:4.1.2:Original Dist:sun4:/usr/lib/libc.a:f95fabcdbaaf34ac3da6174e635724e3 md5:SunOS:4.1.3:Original Dist:sun4:/usr/5lib/libc.a:c6669804e4def2e1e49ad5628c52ee75 md5:SunOS:4.1.3:Original Dist:sun4:/usr/lib/libc.a:ab06bfd723df7802d25291576736ce23 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/5lib/libc.a:5ef2ccf958dc6734c3e412127884c559 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/lib/libc.a:6f5d5c343b262c03a3f976d2830f4d06 md5:SunOS:4.1.1:Original Dist:sun4:/usr/5lib/libc_p.a:21766ed7fdb431bb0435e48ea0764d42 md5:SunOS:4.1.1:Original Dist:sun4:/usr/lib/libc_p.a:709d9a093b637e64234a03f1c48583e7 md5:SunOS:4.1.1:Original Dist:sun3:/usr/5lib/libc_p.a:3e3fcdfeb1636c708f1a2fec14c13b9f md5:SunOS:4.1.1:Original Dist:sun3:/usr/lib/libc_p.a:18f6043209f019ec58e50ab4f4771d40 md5:SunOS:4.1.2:Original Dist:sun4:/usr/5lib/libc_p.a:c0b13f61038a198e6be3c09e137dee0e md5:SunOS:4.1.2:Original Dist:sun4:/usr/lib/libc_p.a:a40b2af6cde4734289f06d8325c8cf2e md5:SunOS:4.1.3:Original Dist:sun4:/usr/5lib/libc_p.a:bb06ddd972dd5549a3d6cc38a9537893 md5:SunOS:4.1.3:Original Dist:sun4:/usr/lib/libc_p.a:72c8bee2000b2562225077784ea61bac md5:SunOS:4.1.3c:Original Dist:sun4:/usr/5lib/libc_p.a:8ccee0cc285a298c713b8bace38da815 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/lib/libc_p.a:157a7dc7a8fc77f1a5a06a85d3bab16c #/usr/kvm/pstat md5:SunOS:4.1.1:Original Dist:sun3x:/usr/kvm/pstat:a131828d02092ab56e98ac8d63b1125d md5:SunOS:4.1.1:Original Dist:sun4:/usr/kvm/pstat:6de82bb539b54c2bd0be79dfc7712507 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/kvm/pstat:5e6058397f8e86df7456e36ad54f9b1e md5:SunOS:4.1.2:Original Dist:sun4c:/usr/kvm/pstat:a1cfc4f23be423aede09e23bcbf6268a md5:SunOS:4.1.2:Original Dist:sun4m:/usr/kvm/pstat:c2abc2313450cfd72ccd93448fef967b md5:SunOS:4.1.3:Original Dist:sun4:/usr/kvm/pstat:0076043c06cd24ae927128f02da9b935 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/kvm/pstat:225d4542b70f15af39c96a4d3b48a631 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/kvm/pstat:e3a519a93a8b6a02fd6c64a6b3db476d md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/kvm/pstat:2a1cbf06988208179adf132349c3a403 md5:SunOS:4.1.3_u1:Original Dist:sun4m:/usr/kvm/pstat:2f3af3afbfa5942575bbcb02b13ebac1 md5:SunOS:4.1.3_u1:Original Dist:sun4c:/usr/kvm/pstat:d15776947e0d60fc7d5ae755f65e779b #/usr/etc/in.ftpd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.ftpd:7ff869b0d0eeec61b08a81a085759681 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.ftpd:7a17e92251d08c56d001a1f5654fcb35 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.ftpd:8b1bfb5ba15d2898fffa373b1005e7ff md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.ftpd:79a29ae3f1deb02efb743d9cd39f6f2f md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.ftpd:79a29ae3f1deb02efb743d9cd39f6f2f md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.ftpd:c95b40609c510cfcc65504972d1f3ae1 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.ftpd:3e8f757252dd562ad80ae79e78d06fb7 #/usr/etc/in.rexecd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.rexecd:4d9811877f622348dd454172fbb40a66 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.rexecd:6d9f39193ac39bc9680a4fb44fdfb50f md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.rexecd:37316f4d63faa445ea448ec7c670f94f md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.rexecd:37316f4d63faa445ea448ec7c670f94f md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.rexecd:fd51458be842565c712f8d57cf5a6f28 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.rexecd:be66f45bb60f31aaa23377f23c66caca #/usr/etc/in.rshd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.rshd:17f91e72bbf70d5cf3e75a3068d5c461 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.rshd:a4eb9385df064b9a751ede87fd0804a2 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.rshd:e45ab7d2dc4c3e7346292f85259c0432 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.rshd:686c2bb25752e6bec5090e2732a46207 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.rshd:686c2bb25752e6bec5090e2732a46207 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.rshd:3d81a586add92ef033088d928c7ae7dc md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.rshd:e5ca89c51427d917690fbcc1395507b4 #/usr/etc/in.tftpd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/in.tftpd:ccec1773e5945a0b8397a74ec07112df md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/in.tftpd:e6b495aec9b8a24f5e58ebc19fd1eec7 md5:SunOS:4.1.1:Original Dist:sun4c:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/in.tftpd:4b924bda12c61674771c84caa0fa1e80 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/in.tftpd:bfaf4492223126181ca9333220cbcf02 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/in.tftpd:bfaf4492223126181ca9333220cbcf02 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/in.tftpd:73ea84bdcff54ace0e601f5c3d2f90b0 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/in.tftpd:0ff3883f2b99f06d4f897347c58a79d9 #/usr/etc/inetd md5:SunOS:4.1.1:Original Dist:sun3x:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.1:Original Dist:sun3:/usr/etc/inetd:0764c23ac95b4ea5a8683c8761337485 md5:SunOS:4.1.1:Original Dist:sun4:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.2:Original Dist:sun4:/usr/etc/inetd:e6054cbb343d21791c6457e78822d5f1 md5:SunOS:4.1.2:Original Dist:sun4c:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.2:Original Dist:sun4m:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.3:Original Dist:sun4:/usr/etc/inetd:c3a923cbf5023b48ffdef3d043190a81 md5:SunOS:4.1.3:Original Dist:sun4c:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.3c:Original Dist:sun4:/usr/etc/inetd:c3a923cbf5023b48ffdef3d043190a81 md5:SunOS:4.1.3c:Original Dist:sun4m:/usr/etc/inetd:c3a0f2bb985babcd43a438ce53de54ae md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/etc/inetd:722d3e46a2f8e52ffadd7450fbbd1438 #/usr/bin/newgrp md5:SunOS:4.1.1:Original Dist:sun3:/usr/bin/newgrp:e3d6e9d43345372f5aa0d5c96570b155 md5:SunOS:4.1.1:Original Dist:sun4:/usr/bin/newgrp:d3749b2a6e99f14feede9430d1feee46 md5:SunOS:4.1.2:Original Dist:sun4:/usr/bin/newgrp:875e7cf58cec91c6fb44ec6e5d89ef0f md5:SunOS:4.1.3:Original Dist:sun4:/usr/bin/newgrp:7c0aad251ccb8de9c050d53c823f334f md5:SunOS:4.1.3c:Original Dist:sun4:/usr/bin/newgrp:7c0aad251ccb8de9c050d53c823f334f md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/newgrp:04edbbb4d06bf056c4959d3b85560fe6 #/usr/bin/passwd md5:SunOS:4.1.1:Original Dist:sun3:/usr/bin/passwd:11499df2dfc4f75c5466e09b64fe1097 md5:SunOS:4.1.1:Original Dist:sun4:/usr/bin/passwd:d4e3ee198d6e3934bc2356ce495e77c7 md5:SunOS:4.1.2:Original Dist:sun4:/usr/bin/passwd:2dcec1f0e106354a85058f4c2c66e2bd md5:SunOS:4.1.3:Original Dist:sun4:/usr/bin/passwd:6fdb875b621de4dbffab6f6782ec2ba3 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/bin/passwd:6fdb875b621de4dbffab6f6782ec2ba3 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/passwd:97f3231b48d6e29b829357b72043aadc #/usr/bin/su md5:SunOS:4.1.1:Original Dist:sun3:/usr/bin/su:829e4e39edc3a8d299f5525c866dc324 md5:SunOS:4.1.1:Original Dist:sun4:/usr/bin/su:94b0bc99dcb9dcdbc3e8ece7e127a906 md5:SunOS:4.1.2:Original Dist:sun4:/usr/bin/su:23fe0a40ec522c5add89cd6ab2731170 md5:SunOS:4.1.3:Original Dist:sun4:/usr/bin/su:0d2f5665c9befdf2f7aeafa4d77266bb md5:SunOS:4.1.3c:Original Dist:sun4:/usr/bin/su:0d2f5665c9befdf2f7aeafa4d77266bb md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/su:c49812d55df4712194f832f099d40aa7 #Shared Libraries md5:SunOS:4.1.1:Original Dist:sun4:/usr/5lib/libc.so.2.6:1d66abbac68785d6f8fa8ff53200845e md5:SunOS:4.1.1:Original Dist:sun4:/usr/lib/libc.so.1.6:d4dc2514248834d95ee6b5c77a7eda86 md5:SunOS:4.1.1:Original Dist:sun3:/usr/5lib/libc.so.1.15:26c5c2e8b147f3f6d96bdff369853cad md5:SunOS:4.1.1:Original Dist:sun3:/usr/lib/libc.so.0.15:2262f263e711bff2bd4d9d6f87ea5edd md5:SunOS:4.1.2:Original Dist:sun4:/usr/5lib/libc.so.2.7:b1e624d4293907511e4ee9e8e77e74dd md5:SunOS:4.1.2:Original Dist:sun4:/usr/lib/libc.so.1.7:76c095597088ee5bc82a2c1ce0a419ce md5:SunOS:4.1.3:Original Dist:sun4:/usr/5lib/libc.so.2.8:d3c8366dca51488864cc8d80c106f190 md5:SunOS:4.1.3:Original Dist:sun4:/usr/lib/libc.so.1.8:aabfb3300f2d872cdc6d9fb10514e246 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/5lib/libc.so.2.8:af3584319d80525c2ca8e8ea8920d131 md5:SunOS:4.1.3c:Original Dist:sun4:/usr/lib/libc.so.1.8:91a8dde1c328e474ec08557c211a4dcb md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/5lib/libc.so.2.9:722852b7e5df15de70e3c1a1f96c04d9 md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/lib/libc.so.1.9:2d5bc65422472f7d4119712ccf795bf3 - --------------------------------------------------------------------------- The CERT Coordination Center gratefully acknowledges the help of CIAC and, in particular, Steve Weeber of CIAC for providing us with an initial version of the "md5check" script and Tony Bartoletti for an initial checksum database. We also wish to thank SUN Microsystems for supplying checksum information. - --------------------------------------------------------------------------- If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in Forum of Incident Response and Security Teams (FIRST). Internet E-mail: cert@cert.org Telephone: 412-268-7090 (24-hour hotline) CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Past advisories, information about FIRST representatives, and other information related to computer security are available for anonymous FTP from info.cert.org. Copyright 1994, 1995, 1996 Carnegie Mellon University This material may be reproduced and distributed without permission provided it is used for noncommercial purposes and the copyright statement is included. CERT is a service mark of Carnegie Mellon University. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Revision history Aug. 30, 1996 Information previously in the README was inserted into the advisory. Updated URL format. Sep. 18, 1995 Intro. and Appendix B - Added note about checking with vendors for current checksum values. (as received) Appendix B, Hewlett-Packard & Solbourne - added checksums Sun - corrected one line of Sun entry: "md5:SunOS:4.1.3_u1:Original Dist:sun4:/usr/bin/login" is now "md5:SunOS:4.1.3_u1:Original Dist:sun4:bin/login" and has a new checksum Sept. 18, 1995 - Intro. - Updated the URL for Tripwire. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMiSTA3VP+x0t4w7BAQFUrAQAiihlFyeGUxOd5xjSVd77JjCoEB+HSkj1 SEwokeqIv3lrvcTRN5Q1bJ2VaJJWEyD4kLkMuVUElK6j56yMnUK7CquaYATaLehH he96t/pY0rUQJ1VnuPQZbBmNMeNvPuBslk+sTXCJnU1EtXM0fqHj+RtcmlJ2smWo Hxcx5+qT7zo= =1bwk -----END PGP SIGNATURE-----