CERT Advisory - SunOS /usr/ucb/rdist Vulnerability
CERT Advisory
cert-advisory-request at cert.org
Thu Mar 17 19:26:38 UTC 1994
=============================================================================
CA-94:04 CERT Advisory
March 17, 1994
SunOS /usr/ucb/rdist Vulnerability
=============================================================================
The CERT Coordination Center has received information concerning a
vulnerability in /usr/ucb/rdist in Sun Microsystems, Inc. SunOS 4.1.1,
4.1.2, 4.1.3, and 4.1.3c on all sun3 and sun4 architectures. SunOS 4.1.3_U1,
Solaris 2.x, and Solbourne's 4.1B and 4.1C are not vulnerable.

This is a Sun specific Advisory. Please reference CERT Advisory CA-91:20
"/usr/ucb/rdist Vulnerability" for general information regarding other
vendors. A vendor status file pub/cert_advisories/rdist-patch-status is
available via anonymous FTP from info.cert.org.

This vulnerability is being actively exploited; please review CERT Advisory
CA-94:01 "Ongoing Network Monitoring Attacks."

Patches can be obtained from local Sun Answer Centers worldwide as well as
through anonymous FTP from ftp.uu.net in the /systems/sun/sun-dist directory.
In Europe, these patches are available from ftp.eu.net in the
/sun/fixes directory.

Information concerning specific patches is outlined below. Please note
that Sun sometimes updates patch files. If you find that the checksum
is different, please contact Sun.
-----------------------------------------------------------------------------
I.   Description

     A security vulnerability exists in /usr/ucb/rdist that
     can be used to gain unauthorized privileges. Under some
     circumstances /usr/ucb/rdist can be used to create setuid
     root programs.

II.  Impact

     This vulnerability allows a local user to gain root access.

III. Solution

     A. If rdist is not being used, change the permissions on the file.

          # chmod 700 /usr/ucb/rdist

     B. Obtain and install the appropriate patches according to the
        instructions included with the patches.

          Module       Patch ID     Filename
          ----------   ---------    ---------------
          rdist        100383-06    100383-06.tar.Z

          BSD Checksum      = 58984 121
          System V Checksum = 9125 241
          MD5 Checksum      = f8f78ddab19af5efabb9bd66fc8f5c1a
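
Added example (not part of the CERT advisory or of Sun's patch): a Python script that recomputes the three checksums listed above for a downloaded 100383-06.tar.Z and compares them with the advisory's values. It assumes the "BSD" and "System V" figures are the classic 16-bit `sum` algorithms, counted in 1024-byte and 512-byte blocks respectively; the function names are illustrative.

```python
import hashlib
import sys

# Values published in this advisory for 100383-06.tar.Z.
ADVISORY = {
    "bsd": (58984, 121),
    "sysv": (9125, 241),
    "md5": "f8f78ddab19af5efabb9bd66fc8f5c1a",
}

def bsd_sum(data: bytes):
    """BSD `sum`: 16-bit rotate-right-then-add checksum, 1024-byte blocks (assumed)."""
    c = 0
    for b in data:
        c = (c >> 1) | ((c & 1) << 15)   # rotate right one bit within 16 bits
        c = (c + b) & 0xFFFF
    return c, -(-len(data) // 1024)       # ceiling division for the block count

def sysv_sum(data: bytes):
    """System V `sum`: 32-bit byte total folded to 16 bits, 512-byte blocks (assumed)."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)
    return (r & 0xFFFF) + (r >> 16), -(-len(data) // 512)

def checksums(data: bytes):
    return {
        "bsd": bsd_sum(data),
        "sysv": sysv_sum(data),
        "md5": hashlib.md5(data).hexdigest(),
    }

def verify(data: bytes, expected=ADVISORY):
    """Return {algorithm: True/False} for each published value."""
    got = checksums(data)
    return {name: got[name] == expected[name] for name in expected}

if __name__ == "__main__":
    # Usage: python verify_patch.py 100383-06.tar.Z
    with open(sys.argv[1], "rb") as f:
        result = verify(f.read())
    for name, ok in result.items():
        print(f"{name:5s} {'match' if ok else 'MISMATCH'}")
    # Treat any mismatch as a failed verification, as the advisory advises.
    sys.exit(0 if all(result.values()) else 1)
```

The two 16-bit sums only catch accidental corruption; of the three published values, the MD5 digest is the one to rely on.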
---------------------------------------------------------------------------
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).

Internet E-mail: cert at cert.org
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous
FTP from info.cert.org.