Copy Link
Add to Bookmark
Report
CIAC A-32
________________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
INFORMATION BULLETIN
________________________________________________________________________
SunView/SunTools selection_svc Vulnerability
August 23, 1990, 1600 PST Number A-32
CIAC has been advised that there is a vulnerability (Sun Bug ID
1039576) in systems running SunView under SunOS 4.x (or SunTools under
SunOS 3.x). The SunView/SunTools selection_svc facility may allow a
remote user unauthorized access to selected files from a computer
running SunView. The problem exists in Sun3 and Sun4 platforms
running SunOS 3.x, 4.0, 4.0.1, 4.0.3, and 4.1 as well as 386i platforms
running SunOS 4.0, 4.01, and 4.0.2. Because the selection_svc process
continues to run until terminated, this vulnerability can be exploited
even after a user changes to another window system after running
SunView/SunTools or logs off the system. (The problem is in
SunView/SunTools, however, and not with other window systems such as
X11.) CERT/CC provides additional details:
On Sun3 and Sun4 systems, a remote system can read any file that is
readable to the user running SunView. On the 386i, a remote system
can read any file on the workstation running SunView regardless of
protections. Note that if root runs Sunview, all files are
potentially accessible by a remote system. If the password file with
the encrypted passwords is world readable, an intruder can take the
password file and attempt to guess passwords.
A patch for this vulnerability is available for Sun 4.x systems. Call
your local Sun answer center, phone (800) USA-4SUN, anonymous ftp into
sun-fixes on uunet.uu.net, or send e-mail to:
security-features@sun.com
Sun Microsystems has recently established a customer warning system for
reporting new vulnerabilities and disseminating relevant information.
Send e-mail to:
security-alert@sun.com
or leave a message on the voice mail system at (415) 336-7205. Please
also advise CIAC of any new vulnerabilities you may discover.
For additional information or assistance, please contact CIAC:
David Brown
(415) 423-9878 or (FTS) 543-9878
FAX: (415) 423-0913, (FTS) 543-0913 or (415) 422-4294
CIAC's 24-hour emergency hot-line number is (415) 971-9384. If you
call the emergency number and there is no answer, please let the number
ring until voice mail comes on. Please leave a voice mail message;
someone will return your call promptly. You may send e-mail to:
ciac@tiger.llnl.gov
CERT/CC and Brad Powell of Sun Microsystems provided information
included in this bulletin. Neither the United States Government nor
the University of California nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights. Reference herein to any
specific commercial products, process, or service by trade name,
trademark manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation, or favoring by the United
States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government nor the University of
California, and shall not be used for advertising or product
endorsement purposes.
