Copy Link
Add to Bookmark
Report
Modernz 56
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
/* *\
/ * * \
/ * * \
/ * * \
/ * System Vulnerabilities * \
| * * |
| * * |
| * * |
| * Another Modernz Presentation * |
| * * |
\ * by * /
\ * Multiphage * /
\ * * /
\ * (C)opyright June 10th, 1992 * /
\ * */
*********************************************************
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*******************************************************************************
The Modernz can be contacted at:
MATRIX BBS
WOK-NOW!
World of Kaos NOW!
World of Knowledge NOW!
St. Dismis Institute
- Sysops: Wintermute
Digital-demon
(908) 905-6691
(908) WOK-NOW!
(908) 458-xxxx
1200/2400/4800/9600
14400/19200/38400
Home of Modernz Text Philez
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
TANSTAAFL
Pheonix Modernz
The Church of Rodney
- Sysop: Tal Meta
(908) 830-TANJ
(908) 830-8265
Home of TANJ Text Philez
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
CyberChat
Sysop: Hegz
(908)506-6651
(908)506-7637
300/1200/2400/4800/9600
14400/19200/38400
Modernz Site
TLS HQ
<><><><><><><><><><><><><><<><<><><><><><><><><><><><><><><><><><><><><><><><><
The Global Intelligence Center
World UASI Headquarters!
Pennsylvania SANsite!
(412) 475-4969 300/1200/2400/9600
24 Hours! SysOp: The Road Warrior
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
The Lost Realm
Western PA UASI site!
Western PA. SANfranchise
(412) 588-5056 300/1200/2400
SysOp: Orion Buster
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
The Last Outpost
PowerBBS Support Board
UASI ALPHA Division
NorthWestern PA UASI site!
(412) 662-0769 300/1200/2400
24 hours! SysOp: The Almighty Kilroy
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Hellfire BBS
SANctuary World Headquarters!
New Jersey UASI site!
(908) 495-3926 300/1200/2400
24 hours! SysOp: Red
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
BlitzKreig BBS
Home of TAP
(502)499-8933
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
Information concerning several vulnerabilities in Sun Microsystems, Inc.
(Sun) Network File System (NFS) and the fsirand program. These
vulnerabilities affect SunOS versions 4.1.1, 4.1, and 4.0.3 on all
architectures.
Sun has provided separate patches for these vulnerabilities for SunOS
4.1.1, and has provided an initial patch for SunOS 4.1. Sun will be
providing complete patches for 4.1 and 4.0.3 at a later date. On
SunOS 4.1.1 systems, Sun states that patch 100173-07 must be installed
before patch 100424-1. The patches are available through your local
Sun Answer Centers worldwide as well as through anonymous ftp from the
.More..
ftp.uu.net (192.48.96.2) system in the /sun-dist directory.
Fix PatchID Filename Checksum
NFS Jumbo 4.1.1 100173-07 100173-07.tar.Z 07044 209
NFS Jumbo 4.1 100121-08 100121-08.tar.Z 61464 287
fsirand 4.1.1 100424-01 100424-01.tar.Z 63070 50
Please note that Sun will occasionally update patch files. If you
find that the checksum is different please contact Sun or the CERT/CC
for verification.
Sun recommends that sites upgrade to SunOS 4.1.1 to benefit from the
security improvements. In addition, they recommend the installation
of all security-related patches applicable to the version of SunOS
that you are running.
A general NFS security note: due to security flaws in the protocol,
filtering SunRPC and NFS IP packets (sockets 111 and 2049) between
the local network and the Internet. This will prevent intruders
outside your local network from accessing your files.
---------------------------------------------------------------------------
NFS Jumbo Patch, SunOS 4.1.1
I. Description
This patch fixes several SunOS NFS bugs (not all security-related).
The patch file, 100173-08.tar.Z, contains fixes for SunOS version
4.1.1. The BugIDs fixed in this patch are:
1039977 1032959 1029628 1037476 1038302 1034328 1045536 1030884 1045993
1047557 1052330 1053679 1041409 1065361 1066287 1064433 1070654
See the README file provided with the patch for more information.
II. Impact
These vulnerabilities (and bugs) have multiple impacts, including
crashing the system, allowing unauthorized system access, and causing
a problem with file group ownership.
III. Solution
Obtain the patch from Sun or from ftp.uu.net and install, following
the provided instructions, with the following exception:
line 112 of the README file currently reads:
mv /sys/`arch -k`/OBJ/nfs_subr.o /sys/arch -k`/OBJ/nfs_subr.o.FCS
^^^^^^^^
it should read:
mv /sys/`arch -k`/OBJ/nfs_subr.o /sys/`arch -k`/OBJ/nfs_subr.o.FCS
^^^^^^^^^
(Note the one-character difference.)
---------------------
NFS Jumbo Patch, SunOS 4.1
I. Description
This patch fixes several SunOS NFS bugs (not all security-related).
The patch file, 100121-08.tar.Z, contains fixes for SunOS version 4.1.
The BugIDs fixed in this patch are:
1026933 1034007 1039977 1029628 1037476 1038327 1038302
1034328 1045536 1045993 1047557 1030884 1052330 1053679
See the README file provided with the patch for more information.
II. Impact
These vulnerabilities (and bugs) have multiple impacts, including
crashing the system, allowing unauthorized system access, and causing
a problem with file group ownership.
III. Solution
Obtain the patch from Sun or from ftp.uu.net and install, following
the provided instructions.
---------------------
fsirand, SunOS 4.1.1
I. Description
A security vulnerability exists in SunOS NFS relating to the way in
which it allocates file handles. The patch file, 100424-01.tar.Z,
contains a fix for SunOS version 4.1.1. The BugID fixed in this patch
is 1063470.
II. Impact
The fsirand program could allow a remote system user to guess NFS file
handles, thereby potentially allowing them to mount and access your
NFS file systems.
III. Solution
Obtain the patch from Sun or from ftp.uu.net and install, following
the provided instructions. You must install PatchID 100173-07 before
installing this patch.
===========================================================================
Information concerning a vulnerability in Sun Microsystems, Inc. (Sun)
OpenWindows version 3.0. This vulnerability exists on all sun4 and
sun4c architectures running SunOS 4.1.1.
Sun has provided a patch for this vulnerability. It is available
through your local Sun Answer Center as well as through anonymous ftp
from the ftp.uu.net (192.48.96.2) system in the /sun-dist directory.
Fix PatchID Filename Checksum
loadmodule 1076118 100448-01.tar.Z 04354 5
---------------------------------------------------------------------------
I. Description
An OpenWindows, version 3, setuid program (loadmodule(8)) can be
exploited to execute a user's program using the effective UID of root.
II. Impact
This vulnerability allows a local user to gain root access.
III. Solution
Obtain the patch from Sun or from ftp.uu.net and install, following the
provided instructions.
As root:
1. Move the existing loadmodule aside.
# mv $OPENWINHOME/bin/loadmodule $OPENWINHOME/bin/loadmodule.orig
# chmod 400 $OPENWINHOME/bin/loadmodule.orig
2. Copy the new loadmodule into the OpenWindows bin directory.
# cp sun4/loadmodule $OPENWINHOME/bin/loadmodule
# chown root $OPENWINHOME/bin/loadmodule
# chmod 4755 $OPENWINHOME/bin/loadmodule