From pon Thu Aug 29 15:28:28 1991
Return-Path: <pon>
Received: by (4.1/SMI-4.1) id AA11876; Thu, 29 Aug 91 15:28:28 PDT
From: pon (Ken Pon)
Message-Id: <9108292228.AA11876@>
Subject: New B-39
To: gschultz (Gene Schultz)
Date: Thu, 29 Aug 91 15:28:27 PDT
X-Mailer: ELM [version 2.3 PL0]
Status: RO

ROUGH DRAFT

VENDOR RESTRICTED--FOR DEPARTMENT OF ENERGY CRAY SITES ONLY
DO NOT DISTRIBUTE

_____________________________________________________
        The Computer Incident Advisory Capability
_____________________________________________________

                   Information Bulletin

           Latest Security Mods for CRAY UNICOS

August 29, 1215 PST                              Number B-39
__________________________________________________________________________

PROBLEM:   UNICOS security holes in cleantmp, cron, mail, nfs/automount,
           and MLS rexec/remsh/rshd
PLATFORM:  Many versions of the Cray UNICOS operating system (as described
           below for each SPR)
DAMAGE:    The UNICOS bugs allow unauthorized system privileges to
           non-privileged users
SOLUTIONS: Install UNICOS mods that apply to your version of UNICOS
__________________________________________________________________________

            Critical Information About UNICOS Security Holes

CIAC has been working with Cray Research Incorporated on the resolution of several critical security holes in the Cray UNICOS operating system. These UNICOS bugs may allow unauthorized system privileges to normal users. More explicit information on these problems can be found in Cray Field Alerts #122 ADDENDUM, #123 ADDENDUM, and #126, or by contacting CIAC or Cray Research International Software Technical Support directly.

The mods listed below are Cray binary files available to correct each problem described. A valid user on crayamid.cray.com can use the FTP "put" command to transfer mods to another system. Note that crayamid.cray.com does not support the FTP "get" command.
Alternatively, contact your Cray support representative to facilitate access to the appropriate mods. Mods are available on crayamid.cray.com in the specified file and directory. Each UNICOS mod has a unique identification and may be specific to a particular version of the UNICOS operating system. Unless otherwise stated, the mod will apply to the entire family of Cray hardware, including Cray-1, X-MP, Y-MP, and Cray-2.

1. Cray SPR 45292 - CLEANTMP allows any user to remove any file
   Reference Cray Field Alert #123 - ADDENDUM

   UNICOS version   Cray Mod #     crayamid Directory
   5.1              d20705cmda     /u/mods/unicos.common/5.1/cmd
   6.0              60cmd21458a    /u/mods/unicos.common/6.0/cmd
   6.1              6Ecmd21458a    /u/mods/unicos.common/6.1/cmd

2. Cray SPR 45753 - CRON allows any user to read protected files
   Reference Cray Field Alert #123 - ADDENDUM

   UNICOS version   Cray Mod #     crayamid Directory
   5.1              51cmd22270c,   /u/mods/unicos.common/5.1/cmd
                    51cmd22562d
   6.0              60cmd22671c    /u/mods/unicos.common/6.0/cmd
   6.1              6Ecmd22671a    /u/mods/unicos.common/6.1/cmd

3. Cray SPR 45743 - /BIN/MAIL allows users to read protected files
   Reference Cray Field Alert #123 - ADDENDUM

   UNICOS version   Cray Mod #     crayamid Directory
   5.1              51cmd22391b    /u/mods/unicos.common/5.1/cmd
   6.0              60cmd22391a    /u/mods/unicos.common/6.0/cmd
   6.1              6Ecmd22391a    /u/mods/unicos.common/6.1/cmd

4. Cray SPR 45455 - PORTMAP allows forwarding of mount requests
   Reference Cray Field Alert #122, #122 - ADDENDUM

   Cray Field Alert #122 discusses how one can obtain a file handle and access files from an unauthorized machine using NFS. The following mods closed this vulnerability by modifying portmap to disable the forwarding of mount requests on a server:

   UNICOS version   Cray Mod #     crayamid Directory
   5.1              d20688rpca     /u/mods/nfs/5.1
   6.0              60RPC22343A    /u/mods/rpc/6.0
   6.1              6ERPC22329A    /u/mods/rpc/6.1

   However, the above mods may affect RPC applications that depend on portmap to forward their RPC requests to mountd.
   One of these applications is the automount command, which will not work if the mod from Field Alert #122 is installed. The appropriate mods to allow automount to work for Cray NFS clients are given below. For non-Cray systems, contact your vendor-specific technical support representative to obtain a version of the automounter that does not make its requests via portmap. (Note that the SunOS 4.1 version of automount already contains this fix.) Refer to Cray Field Alert #122 - Addendum for more information.

   UNICOS version   Cray Mod #     crayamid Directory
   5.1              NONE, automounter not supported in release 5.1
   6.0              60nfs23984a    /u/mods/nfs/6.0
   6.1              6Enfs23984a    /u/mods/nfs/6.E

5. Cray SPR 45405 - RSHD under UNICOS MLS grants unauthorized MLS privileges
   Cray SPR 46445 - REMSH/REXEC allows users to obtain permits, levels, and compartments not in the UDB
   Reference Cray Field Alert #126

   UNICOS version   Cray Mod #     crayamid Directory
   5.1              e20716tcpa,    /u/mods/tcp_ip
                    e20717cmda
   6.0              60tcp21801a    /u/mods/tcp_ip
   6.1              6Etcp21801a    /u/mods/tcp_ip

CIAC recommends that you upgrade your version of UNICOS to the most recent available, since many improvements to the security of your system have been integrated into the most recent base operating system. In addition, you should install all mods (listed above) appropriate to your UNICOS system.

For additional information or assistance, please contact CIAC:

   Kenneth L. Pon
   (415) 422-1783 until Sept. 1; afterwards call (510) 422-1783 or (FTS) 532-1783
   send e-mail to pon@cheetah.llnl.gov

   Call CIAC at (415) 422-8193 until Sept. 1; afterwards call (510) 422-8193 or (FTS) 532-8193
   send e-mail to ciac@.llnl.gov.

   Send FAX messages to: (415) 423-0913 or (FTS) 543-0913.

James Ellis, Karis Forster, and Cray Research provided some of the information used in this bulletin.

This document was prepared as an account of work sponsored by an agency of the United States Government.
Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.