|
CERT advisories regarding security holes in SunOS
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
---------------------------------------------------------------------------
CA-91:08 CERT Advisory
May 23, 1991
AT&T System V Release 4 /bin/login Vulnerability
---------------------------------------------------------------------------
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a security vulnerability in AT&T's UNIX®
System V Release 4 operating system. AT&T is providing a software upgrade
for Release 4 operating system vendors and a patch for AT&T Computer Systems
customers. AT&T has also provided a suggested fix for all Release 4
based systems.
---------------------------------------------------------------------------
I. DESCRIPTION:
A security vulnerability exists in /bin/login in AT&T's System V
Release 4 operating system.
II. IMPACT:
System users can gain unauthorized privileges.
III. SOLUTION:
A. AT&T Computer Systems customers
Log into the root account. Change the execution permission on
the file /bin/login.
chmod 500 /bin/login
Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.
The numbers associated with the fix are 156 (3.5" media) and
157 (5.25" media).
International customers should contact their local AT&T
Computer Systems representative.
B. All other System V Release 4 based systems
Log into the root account. Change the execution permission on
the file /bin/login.
chmod 500 /bin/login
Release 4 customers should contact their operating system
supplier for details on the availability of the software
update.
---------------------------------------------------------------------------
The CERT/CC would like to thank AT&T for their timely response to our
report of this vulnerability.
---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Internet E-mail: [email protected]
Telephone: 412-268-7090 24-hour hotline:
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
on call for emergencies during other hours.
Past advisories and other computer security related information are available
for anonymous ftp from the cert.org (192.88.209.5) system.
|
|
