Solaris 2x Expreserve Patch

            _____________________________________________________
                 The Computer Incident Advisory Capability
                            ___  __ __    _     ___
                           /       |     / \   /
                           \___  __|__  /___\  \___
            _____________________________________________________

                             INFORMATION BULLETIN

                  Solaris 2.x expreserve patches available
 
July 1, 1993 0900 PDT                                         Number D-18
__________________________________________________________________________
PROBLEM:   The expreserve utility allows unauthorized access to system
           files.
PLATFORM:  Sun workstations running Solaris 2.0, 2.1, and 2.2 
           (SunOS 5.0, 5.1, and 5.2).
DAMAGE:    Local users can gain root access.
SOLUTION:  Disable expreserve immediately, then install patch from Sun.
__________________________________________________________________________
	
         Critical Information about the expreserve Vulnerability

CIAC has learned that Sun Microsystems has released three new security
patches for Solaris 2.x systems to remove the vulnerability in the
expreserve utility described in CIAC Advisory D-16.  This vulnerability
allows local users to overwrite the contents of any file, regardless
of file ownership, and can be used to obtain root access to the system.
CIAC continues to recommend that the expreserve utility be disabled
until the appropriate patched version can be installed.

Disabling expreserve
--------------------
To prevent use of the expreserve utility, execute the following command
as root:

                  /bin/chmod a-x /usr/lib/expreserve

The expreserve command is normally used to recover editor files when
vi, ex, or edit terminates unexpectedly.  Disabling expreserve will
disable this recovery feature.  Users of these editors should be
advised of this temporary change and encouraged to save their work
frequently.

Patching Solaris 2.x (SunOS 5.x)
--------------------------------
Sun Microsystems has released three Solaris 2.x expreserve patches:

                                             Checksums
    Patch ID     Solaris Version    /usr/bin/sum    /usr/ucb/sum
    ---------    ---------------    ------------    ------------
    101119-01      Solaris 2.0        61863 54        47944 27
    101089-01      Solaris 2.1         4501 54        07227 27
    101090-01      Solaris 2.2        44985 54        02491 27

These patches, along with all other Sun security patches, are
available both through your local Sun Answer Center and anonymous
ftp.  In the U.S., ftp to ftp.uu.net and retrieve the patches from the
directory /systems/sun/sun-dist.  In Europe, ftp to mcsun.eu.net and
retrieve the patches from the /sun/fixes directory.

After retrieving a patch, its checksum may be verified using the sum
command.  Note that Sun Microsystems occasionally updates patch files,
resulting in a changed checksum.  Should you find that your checksums
differ, please contact CIAC or Sun Microsystems for verification
before installing the patch.
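
The check described above can be scripted.  The following is an added
example, not part of the original bulletin or of Sun's patch.  It
assumes GNU coreutils sum, where -s selects the System V algorithm
(what /usr/bin/sum computes on Solaris) and -r selects the BSD
algorithm (what /usr/ucb/sum computes); the function names are
hypothetical.

```shell
#!/bin/sh
# Added example: compare a downloaded patch file with the bulletin's checksum table.
# Assumption: GNU coreutils `sum` (-s = System V, -r = BSD).

# Expected "checksum blocks" pairs from the bulletin, stored as "sysv|bsd".
expected_sums() {
    case "$1" in
        101119-01) echo "61863 54|47944 27" ;;   # Solaris 2.0
        101089-01) echo "4501 54|07227 27" ;;    # Solaris 2.1
        101090-01) echo "44985 54|02491 27" ;;   # Solaris 2.2
        *) return 1 ;;
    esac
}

# Print "checksum blocks" for file $2 using algorithm flag $1 (-s or -r).
# Reading from stdin keeps the file name out of the output; awk collapses
# the column padding so the result can be compared as a plain string.
file_sum() {
    sum "$1" < "$2" | awk '{ print $1, $2 }'
}

# verify_patch PATCH_ID FILE
# Returns 0 on match, 1 on mismatch, 2 on unknown patch ID or unreadable file.
verify_patch() {
    want=$(expected_sums "$1") || { echo "unknown patch id: $1" >&2; return 2; }
    [ -r "$2" ] || { echo "cannot read: $2" >&2; return 2; }
    got="$(file_sum -s "$2")|$(file_sum -r "$2")"
    if [ "$got" = "$want" ]; then
        echo "$1: both checksums match the bulletin"
        return 0
    fi
    # A mismatch may mean Sun reissued the patch; confirm before installing.
    echo "$1: MISMATCH (expected $want, got $got); do not install" >&2
    return 1
}

# Usage: verify_patch 101089-01 /path/to/downloaded/patch-file
```

Both algorithms are compared because a file must match both columns of
the table; the two tools also count blocks differently (512-byte
versus 1024-byte), which is why the table lists 54 and 27.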

To install the patch on your system, follow the instructions contained
in the README file that accompanies the patch.

For additional information or assistance, please contact CIAC at
(510)422-8193 or send E-mail to ciac@llnl.gov.  FAX messages to
(510)423-8002.

Previous CIAC bulletins and other information are available via
anonymous FTP from irbis.llnl.gov (IP address 128.115.19.60).

CIAC wishes to acknowledge the contributions of Sun Microsystems in
the preparation of this bulletin.

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Your agency's team will coordinate with CIAC.  The Forum
of Incident Response and Security Teams (FIRST) is a world-wide
organization.  A list of FIRST member organizations and their
constituencies can be obtained by sending email to docserver@first.org
with an empty subject line and a message body containing the line:
send first-contacts.

This document was prepared as an account of work sponsored by an
agency of the United States Government.  Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, expressed or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, product, or process disclosed, or
represents that its use would not infringe privately owned rights.
Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or
favoring by the United States Government or the University of
California.  The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government nor
the University of California, and shall not be used for advertising or
product endorsement purposes.