|
NIA #56 - Cert Advisory: NeXT System
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
ZDDDDDDDDDDDDDDDDDD? IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; ZDDDDDDDDDDDDDDDDDD?
3 Founded By: 3 : Network Information Access : 3 -Other World BBS 3
3 Guardian Of Time 3D: 03OCT90 :D3 -Txt Files Only! 3
3 Judge Dredd 3 : Judge Dredd : 3 See EOF if any ? 3
@DDDDDDDDBDDDDDDDDDY : File 56 : @DDDDDDDDDBDDDDDDDDY
3 HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM< 3
3 IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; 3
@DDDDDDDD6 CERT Advisory: NeXT System Software :DDDDDDDDY
HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM<
Just got this today. For all of you that have ran into NeXT software or
are currently running it, enjoy.
------------------------------------------------------------------------------
CA-90:06 CERT Advisory
October 2, 1990
NeXT's System Software
-----------------------------------------------------------------------------
This message is to alert administrators of NeXT Computers of four
potentially serious security problems.
The information contained in this message has been provided by David Besemer,
NeXT Computer, Inc. The following describes the four security problems,
NeXT's recommended solutions and the known system impact.
------------------------------------------------------------------------------
Problem #1 DESCRIPTION: On Release 1.0 and 1.0a a script exists in
/usr/etc/restore0.9 that is a setuid shell script. The existence of
this script is a potential security problem.
Problem #1 IMPACT: The script is only needed during the installation
process and isn't needed for normal usage. It is possible for any
logged in user to gain root access.
Problem #1 SOLUTION: NeXT owners running Release 1.0 or 1.0a should
remove /usr/etc/restore0.9 from all disks. This file is installed by
the "BuildDisk" application, so it should be removed from all systems
built with the standard release disk, as well as from the standard
release disk itself (which will prevent the file from being installed
on systems built with the standard release disk in the future). You
must be root to remove this script, and the command that will remove
the script is the following:
# /bin/rm /usr/etc/restore0.9
---
Problem #2 DESCRIPTION: On NeXT computers running Release 1.0 or
1.0a that also have publicly accessible printers, users can gain
extra permissions via a combination of bugs.
Problem #2 IMPACT: Computer intruders are able to exploit this security
problem to gain access to the system. Intruders, local users and remote
users are able to gain root access.
Problem #2 SOLUTION: NeXT computer owners running Release 1.0 or
1.0a should do two things to fix a potential security problem.
First, the binary /usr/lib/NextPrinter/npd must be replaced with a
more secure version. This more secure version of npd is available
through your NeXT support center. Upon receiving a copy of the more
secure npd, you must become root and install it in place of the old
one in /usr/lib/NextPrinter/npd. The new npd binary needs to be
installed with the same permission bits (6755) and owner (root) as
the old npd binary. The commands to install the new npd binary are
the following:
# /bin/mv /usr/lib/NextPrinter/npd /usr/lib/NextPrinter/npd.old
# /bin/mv newnpd /usr/lib/NextPrinter/npd
(In the above command, "newnpd" is the npd binary
that you obtained from your NeXT support center.)
# /etc/chown root /usr/lib/NextPrinter/npd
# /etc/chmod 6755 /usr/lib/NextPrinter/npd
The second half of the fix to this potential problem is to change the
permissions of directories on the system that are currently owned and
able to be written by group "wheel". The command that will remove
write permission for directories owned and writable by group "wheel"
is below. This command is all one line, and should be run as root.
# find / -group wheel ! -type l -perm -20 ! -perm -2 -ls -exec chmod
g-w ?? ?; -o -fstype nfs -prune
---
Problem #3 DESCRIPTION: On NeXT computers running any release of the
system software, public access to the window server may be a
potential security problem.
The default in Release 1.0 or 1.0a is correctly set so that public access
to the window server is not available. It is possible, when upgrading from
a prior release, that the old configuration files will be reused. These
old configuration files could possibly enable public access to the window
server.
Problem #3 IMPACT: This security problem will enable an intruder to gain
access to the system.
Problem #3 SOLUTION: If public access isn't needed, it should be disabled.
1. Launch the Preferences application, which is located in /NextApps
2. Select the UNIX panel by pressing the button with the UNIX
certificate on it.
3. If the box next to Public Window Server contains a check, click on
the box to remove the check.
---
Problem #4 DESCRIPTION: On NeXT computers running any release of the
system software, the "BuildDisk" application is executable by all users.
Problem #4 IMPACT: Allows a user to gain root access.
Problem #4 SOLUTION: Change the permissions on the "BuildDisk" application
allowing only root to execute it. This can be accomplished with the
command:
# chmod 4700 /NextApps/BuildDisk
To remove "BuildDisk" from the default icon dock for new users, do the
following:
1. Create a new user account using the UserManager application.
2. Log into the machine as that new user.
3. Remove the BuildDisk application from the Application Dock by dragging
it out.
4. Log out of the new account and log back in as root.
5. Copy the file in ?newuser/.NeXT/.dock to /usr/template/user/.NeXT/.dock
(where ?newuser is the home directory of the new user account)
6. Set the protections appropriately using the following command:
# chmod 555 /usr/template/user/.NeXT/.dock
7. If you wish, with UserManager, remove the user account that you created
in step 1.
In release 2.0, the BuildDisk application will prompt for the root password
if it is run by a normal user.
-----------------------------------------------------------------------------
CONTACT INFORMATION
For further questions, please contact your NeXT support center.
NeXT has also reported that these potential problems have been fixed in
NeXT's Release 2.0, which will be available in November, 1990.
Thanks to Corey Satten and Scott Dickson for discovering, documenting, and
helping resolve these problems.
-----------------------------------------------------------------------------
Guardian Of Time
Judge Dredd
Ignorance, Theres No Excuse.
For questions or comments write to:
Internet: [email protected]
..!uunet!nuchat!elisem
Fidonet: 1:106/69.0
or
NIA FeedBack
P.O. Box 299
Santa Fe, Tx. 77517-0299
[OTHER WORLD BBS]
This text smeared across cyberspace by:
________________________________________________________
|| Junk Culture Hallucination |
| xe0nsun ration ||
||Junk Culture|!|1093-686!|002400|!|24hrs Per Midnight||
|| |
|| |!|-Creators-|!| ||
|| Bg: Pydea Koft ||
|| Remote Bog: Carcinoenic Nam Crse |
|| |
|| |!-Well-oers-|!| ||
|| Nuker The Liing Ego Willia F. Tel ||
|| Howitzer Explosion Guy, Armitag ||
|| Otat of te Helioscrotums ||
|| ||
|| "Surrealist Manifesto" 'zine i a Junk Cuture Prodution ||
|| Officia Dropsite f "One Eight Two" Magazine |
|| |
|| "Whos' there? ||
|| Ah splendid show in the infinite. |
|| -- Aragn ||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
