TUCoPS :: Unix :: General :: ciacb028.txt

System V bin Login Patch 

        _____________________________________________________
             The Computer Incident Advisory Capability
                         ___  __ __    _     ___
                        /       |     / \   /
                        \___  __|__  /___\  \___
        _____________________________________________________
                         Information Bulletin

May 23, 1991, 0900 PST                                     Number B-28

	     AT&T System V Release 4 Patch for /bin/login

-----------------------------------------------------------------------------
PROBLEM:  	/bin/login may be improperly installed in System V Release 4 
		based systems
PLATFORM:    	All systems based on System V Release 4 may be affected
DAMAGE:   	May allow unauthorized root access
SOLUTIONS:   	Modify permissions for /bin/login and/or install a patch 
		provided by the vendor
-----------------------------------------------------------------------------
	   Critical Facts about System V Release 4 problem

CIAC has learned of a potential vulnerability in the AT&T System V
Release 4 version of the /bin/login program.  This program is used to
initially log users into the system, and if unpatched, may be used to
gain unauthorized system privileges (root).

For AT&T computer system customers, a patch is available to replace
the /bin/login program.  Contact AT&T Computer Systems at (800)
922-0354 to obtain the patch.  The patch numbers are #156 for 3.5"
media, or #157 for 5.25" media.

If this patch is not available for your system, AT&T and CIAC
recommends the following workaround be used until a patch becomes
available from the individual vendor providing system software
support.

1)	Login to the system as root and execute the command:
	chmod 500 /bin/login

The impact of this workaround will be to disallow the use of the login
command from non-root users (this will not effect the login sequence
normally used by the system).

For additional information or assistance, please contact CIAC:   
 
	Tom Longstaff
	(415) 423-4416 or (FTS) 543-4416
	longstaf@llnl.gov

	During working hours call CIAC at (415) 422-8193 or 
	(FTS) 532-8193 or send e-mail to ciac@cheetah.llnl.gov.  For
	non-working hour emergencies, call (800) SKY PAGE,
	then enter 855-0070 or 855-0074.  (THIS IS A NEW EMERGENCY NUMBER!)  
    
	Send FAX messages to:  (415) 423-0913 or (FTS) 543-0913.

The assistance of the Computer Emergency Response Team/Coordination
Center (CERT/CC) and AT&T is gratefully acknowledged.  This document
was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any
warranty, express or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, apparatus, product, or process disclosed, or represents
that its use would not infringe privately owned rights. Reference
herein to any specific commercial products, process, or service by
trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or
favoring by the United States Government or the University of
California. The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government or
the University of California, and shall not be used for advertising or
product endorsement purposes.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH