SunView/SunTools Selection_svc vulnerability

________________________________________________________________________

              THE COMPUTER INCIDENT ADVISORY CAPABILITY

                                 CIAC

                         INFORMATION BULLETIN

________________________________________________________________________

             SunView/SunTools selection_svc Vulnerability

August 23, 1990, 1600 PST                                   Number A-32


CIAC has been advised that there is a vulnerability (Sun Bug ID 1039576)
in systems running SunView under SunOS 4.x (or SunTools under SunOS 3.x).
The SunView/SunTools selection_svc facility may allow a remote user
unauthorized access to selected files from a computer running SunView.
The problem exists in Sun3 and Sun4 platforms running SunOS 3.x, 4.0,
4.0.1, 4.0.3, and 4.1 as well as 386i platforms running SunOS 4.0, 4.01,
and 4.0.2.  Because the selection_svc process continues to run until
terminated, this vulnerability can be exploited even after a user changes
to another window system after running SunView/SunTools or logs off the
system.  (The problem is in SunView/SunTools, however, and not with other
window systems such as X11.)  CERT/CC provides additional details:

    On Sun3 and Sun4 systems, a remote system can read any file that is
    readable to the user running SunView.  On the 386i, a remote system
    can read any file on the workstation running SunView regardless of
    protections.  Note that if root runs SunView, all files are
    potentially accessible by a remote system.  If the password file with
    the encrypted passwords is world readable, an intruder can take the
    password file and attempt to guess passwords.

A patch for this vulnerability is available for Sun 4.x systems.  Call
your local Sun answer center, phone (800) USA-4SUN, anonymous ftp into
sun-fixes on uunet.uu.net, or send e-mail to:

    security-features@sun.com

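The bulletin notes that selection_svc keeps running until it is terminated, so a copy left behind after its user logged out is exactly what to hunt for on hosts that have not yet received the patch.  The shell function below is an added example and not part of the CIAC bulletin or Sun's patch: it flags selection_svc processes whose owner has no current login session, using constructed ps and who listings as sample input.

```shell
#!/bin/sh
# Added example: find selection_svc processes that outlived their login session.
# Input format assumed: ps lines as "USER PID COMMAND...", who lines as "USER TTY...".

# Constructed sample ps listing (not real output from any host).
PS_SAMPLE='root 113 /usr/etc/inetd
alice 2041 selection_svc
bob 2077 selection_svc
alice 2090 -csh
carol 2101 xterm'

# Constructed sample who listing: only alice and carol are logged in,
# so bob's selection_svc is an orphan that should have been terminated.
WHO_SAMPLE='alice console
carol ttyp0'

# orphaned_selection_svc PS_TEXT WHO_TEXT
# Prints "user pid" for every selection_svc whose owner has no login session.
orphaned_selection_svc() {
    ps_out=$1
    who_out=$2
    printf '%s\n' "$ps_out" | while read -r user pid cmd; do
        # Only selection_svc entries are of interest.
        case $cmd in
            *selection_svc*) ;;
            *) continue ;;
        esac
        # awk exits 0 if the owner appears in the who listing, 1 otherwise.
        if ! printf '%s\n' "$who_out" |
             awk -v u="$user" '$1 == u { found = 1 } END { exit !found }'; then
            printf '%s %s\n' "$user" "$pid"
        fi
    done
}

# Demonstration on the constructed data; prints "bob 2077".
orphaned_selection_svc "$PS_SAMPLE" "$WHO_SAMPLE"
```

On a live host, feed the function real listings, e.g. `orphaned_selection_svc "$(ps -axo user,pid,args)" "$(who)"`, adjusting the ps flags to the local ps implementation (SunOS 4 uses BSD-style flags).  Any process it reports should be killed and its owner asked to log out of SunView cleanly until the patch is installed.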
Sun Microsystems has recently established a customer warning system for
reporting new vulnerabilities and disseminating relevant information.
Send e-mail to:

        security-alert@sun.com

or leave a message on the voice mail system at (415) 336-7205.  Please
also advise CIAC of any new vulnerabilities you may discover.

For additional information or assistance, please contact CIAC:

        David Brown
        (415) 423-9878 or (FTS) 543-9878
        FAX:  (415) 423-0913, (FTS) 543-0913 or (415) 422-4294

CIAC's 24-hour emergency hot-line number is (415) 971-9384.  If you
call the emergency number and there is no answer, please let the number
ring until voice mail comes on.  Please leave a voice mail message;
someone will return your call promptly.  You may send e-mail to:

        ciac@tiger.llnl.gov

CERT/CC and Brad Powell of Sun Microsystems provided information
included in this bulletin.  Neither the United States Government nor
the University of California nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights.  Reference herein to any
specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation, or favoring by the United
States Government or the University of California.  The views and
opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government nor the University of
California, and shall not be used for advertising or product
endorsement purposes.