From: ELAB::PANETTA "Ron Panetta, GE-ELAB, 8*256-2555 21-May-1991 0752" 21-MAY-1991 08:24:08.43 To: @NETMGRS CC: Subj: SUNos CERT advisory (I don't do Sun but some of you may!) I just got this from Bob Boyd. I've only sent it to NETMGRS.DIS and have enclosed a copy of SYSMGRS.DIS (at the end) for your use. Ron ---------------------------------------------------------------------- From: CRDGW2::CRDGW2::MRGATE::"SMTP::RALPH.RTPNC.EPA.GOV::RBN" 21-MAY-1991 01:08:57.66 To: ELAB::PANETTA CC: Subj: CERT Advisory - SunOS Source Tape Installation From: rbn@ralph.rtpnc.epa.gov@SMTP@CRDGW2 To: PANETTA@ELAB@MRGATE Received: by crdgw1.ge.com (5.57/GE 1.97) id AA09058; Mon, 20 May 91 13:24:17 EDT Received: from ralph.rtpnc.epa.gov by sunvis.rtpnc.epa.gov (5.59/fty-EPA/RTP-12-17-90) id AA06582; Mon, 20 May 91 13:24:02 EDT Received: by ralph.rtpnc.epa.gov via UUCP (5.52/890607.SGI) (for panetta@crdgw2.crd.ge.com) id AA00622; Mon, 20 May 91 13:23:59 EDT Date: Mon, 20 May 91 13:23:59 EDT From: rbn@ralph.rtpnc.epa.gov (Bob Boyd) Message-Id: <9105201723.AA00622@ralph.rtpnc.epa.gov> To: rbn@ralph.rtpnc.epa.gov, panetta@crdgw2 Subject: CERT Advisory - SunOS Source Tape Installation Newsgroups: comp.security.announce Path: rock.concert.net!mcnc!rutgers!tut.cis.ohio-state.edu!ucbvax!CERT.SEI.CMU.EDU!cert-advisory-request From: cert-advisory-request@CERT.SEI.CMU.EDU (CERT Advisory) Newsgroups: comp.security.announce Subject: CERT Advisory - SunOS Source Tape Installation Message-ID: <9105201309.AA02343@tictac.cert.sei.cmu.edu> Date: 20 May 91 13:07:36 GMT Sender: daemon@ucbvax.BERKELEY.EDU Distribution: inet Organization: The Computer Emergency Response Team Lines: 87 Approved: cert@cert.sei.cmu.edu CA-91:07 CERT Advisory May 20, 1991 SunOS Source Tape Installation Vulnerability ------------------------------------------------------------------------- The Computer Emergency Response Team/Coordination Center (CERT/CC) has received the following information from Sun Microsystems, Inc. (Sun). Sun has given the CERT/CC permission to distribute their Security Bulletin. It contains information regarding a fix for a vulnerability in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1. The following Sun Microsystems Security Bulletin only applies to systems that have installed the Sun Source tapes. For more information, please contact Sun Microsystems at 1-800-USA-4SUN. ------------------------------------------------------------------------- SUN MICROSYSTEMS SECURITY BULLETIN: #00107 This information is only to be used for the purpose of alerting customers to problems. Any other use or re-broadcast of this information without the express written consent of Sun Microsystems shall be prohibited. Sun expressly disclaims all liability for any misuse of this information by any third party. ------------------------------------------------------------------- Sun Bug ID : 1059621 Synopsis : security hole created by installing sunsrc Sun Patch ID: Not applicable see fix below. This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall). This makes it possible for users on that system to become root. The solution: chmod ug-s /usr/release/bin/{makeinstall, winstall} (if the sources have already been installed) and/or edit the makefile in sunsrc/release and change the SETUID definition (if the sources have been extracted from tape but not installed yet) ------------------------------------------------------------------- Special thanks to CERT and Tel-Aviv University for reporting this problem. Brad Powell Sun Microsystems Software Security Coordinator. --------------------------------------------------------------------------- The CERT/CC would like to thank Sun Microsystems, Inc. for their response to this vulnerability. We would also like to thank Ariel Cohen from Tel-Aviv University, School of Mathematical Sciences for reporting the problem. --------------------------------------------------------------------------- If you believe that your system has been compromised, contact CERT/CC via telephone or e-mail. Computer Emergency Response Team/Coordination Center (CERT/CC) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Internet E-mail: cert@cert.sei.cmu.edu Telephone: 412-268-7090 24-hour hotline: CERT/CC personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies during other hours. Past advisories and other computer security related information are available for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system. =============================================================================== ! ! This VAX MAIL distribution list contains all system managers ! (exclusive of NETMGRS.DIS, the network manager's distribution ! list) on the GE DECnet network. To be complete, a mailing to ! system managers must also include those individuals in ! NETMGRS.DIS. ! ! 17-MAY-1991 ! ! Source: ELAB::GEDECNET ! ! Site names should be the GE DECnet Network site name so that ! we can associate responsibility each system manager's name. ! ! The city and state should be the actual location for the individual. ! acs1::hazeltine !ACS_VF Valley Forge, PA Andy Hazeltine acs1::sscrmlt !ACS_VF Valley Forge, PA Mark Laffin acs1::ss2aelv !ACS_VF Valley Forge, PA Art Laholt seo::system !ACSD Seattle, WA Dave McKinstry vaxms1::bender !AESD Utica, NY Bill Bender gitoc1::ae2510t !AE_CIN1 Cincinnati, OH Mike Allshouse pmc1::anderson !AE_CIN1 Cincinnati, OH Grant Anderson ecamv1::boyle !AE_CIN1 Cincinnati, OH Dave Boyle petsys::system1 !AE_CIN1 Cincinnati, OH Jim Heath aee690::schulte !AE_CIN1 Cincinnati, OH Doug Schulte aee040::aewcs01t !AE_CIN1 Cincinnati, OH Charlie Slaven pmc1::rack !AE_CIN1 Cincinnati, OH Sherrie Rack odin::truman !AE_CIN1 Florence, SC Alicia Truman antvax::crick !AE_CIN1 San Jose, CA Steve Crick snetx::sanjines !AE_CIN1 San Jose, CA Louis Sanjines strnfs::k0455sys !AE_CIN2 Arkansas City, KS Mike McEwen strasr::dpdaly !AE_CIN2 Arkansas City, KS Dave Daly iron::mazza !AE_CIN2 Cincinnati, OH Steve Mazza wmeth1::tschutte !AE_CIN2 Wilmington, NC Tom Schutte wmeth1::gwilliams !AE_CIN2 Wilmington, NC Gary Williams sparev::bryan !AE_CIN2 Wilmington, NC Liz Bryan (NEBO) sparev::arun !AE_CIN2 Wilmington, NC Arun Sanghvi (NEBO) sparev::sessions !AE_CIN2 Wilmington, NC Zack Sessions(NEBO) hkncm2::system !AEBG_LYNN Hooksett, NH Wayne Eddy hkvax::system !AEBG_LYNN Hooksett, NH Moe Giddis dncvax::audette !AEBG_LYNN Rutland, VT Laura Audette dncvax::bixby !AEBG_LYNN Rutland, VT Bob Bixby dncvax::mason !AEBG_LYNN Rutland, VT Dave Mason dncvax::miles !AEBG_LYNN Rutland, VT Tom Miles dncvax::varian !AEBG_LYNN Rutland, VT Barry Varian vax74::system !AEBG_LYNN Lynn, MA George Blais cad3::carraro !AEBG_LYNN Lynn, MA Russ Carraro ael310::system !AEBG_LYNN Lynn, MA Matt Chella vax74::cowen !AEBG_LYNN Lynn, MA Paul Cowen cad3::don !AEBG_LYNN Lynn, MA Don Deschenes wofhst::system !AEBG_LYNN Lynn, MA Al Giles cad3::healey !AEBG_LYNN Lynn, MA Bob Healey cell02::system !AEBG_LYNN Lynn, MA Merrit Heminway cimv1::system !AEBG_LYNN Lynn, MA Te Hoang aeaa1::livermore !AEBG_LYNN Lynn, MA Don Livermore aeldev::system !AEBG_LYNN Lynn, MA Amy Macarthur cad3::martym !AEBG_LYNN Lynn, MA Marty Monahan cg540::system !AEBG_LYNN Lynn, MA Bill Nuymer fofv1::system !AEBG_LYNN Lynn, MA Dean Panagopoulos fof107::sanguedolce !AEBG_LYNN Lynn, MA Bob Sanguedolce ael009::system !AEBG_LYNN Lynn, MA Barry Sahovey mc3601::system !AEBG_LYNN Lynn, MA Dave St. Pierre jay::4366 !ASD Burlington, VT Bob Brych jay::5852 !ASD Burlington, VT Neal Blanchard atl::acolabelli !ATL Moorestown, NJ Tony Calabelli ispvax::banewicz !CRD Schenectady, NY Donna Banewicz ispvax::bennett !CRD Schenectady, NY Wayne Bennett cadvax::darkangelo !CRD Schenectady, NY Dom Darkangelo rdsvax::frankr !CRD Schenectady, NY Ron Frank isovax::stec !CRD Schenectady, NY Joyce Stec orcon::genesi !DSD Pittsfield, MA Rick Genesi orcon::zanotta !DSD Pittsfield, MA Dave Zanotta elab::smith !ELAB Syracuse, NY Tom Smith zeus::cbishop !F&ESD_ASD Burlington, MA Chuck Bishop luke::sbutt !GCSD Camden, NJ Steve Butt r2d2::phenry !GCSD Camden, NJ Trish Henry atl::hholcombe !GCSD Camden, NJ Howard Holcombe leia::jfmclaughlin !GCSD Camden, NJ John McLaughlin cho000::carl_r !GE_FANUC_CHO Charlottesville, VA Rick Carl cho000::hubert_d !GE_FANUC_CHO Charlottestille, VA geisco::lvu !GEIS Rockville, MD Luan Vu geisco::system !GEIS Rockville, MD Dave Younoszai hco880::wasden !HCO Huntsville, AL Jim Wasden liso::dierker !LBG Cleveland, OH Bill Dierker liso::farinacci !LBG Cleveland, OH Tony Farinacci liso::hepp !LBG Cleveland, OH John Hepp liso::higgins !LBG Toronto, Canada Sean Higgins win::majzel !LBG Winchester, VA Mike Majzel liso::tuma !LBG Cleveland, OH Bert Tuma liso::wentz !LBG Cleveland, OH Eric Wentz liso::whiteb !LBG Cleveland, OH Brian White reston::hartmeyer !M&DSO Reston, VA Kurt Hartmeyer reston::thomas !M&DSO Reston, VA Dave Thomas trees::barnes !M&DSO Valley Forge, PA Bill Barnes trees::gurney !M&DSO Valley Forge, PA Sharon Gurney trees::lipshutz !M&DSO Valley Forge, PA Cindy Lipshutz trees::ward !M&DSO Valley Forge, PA Hugh Ward acons0::miller !MABG_PROD Columbia, TN Dave Miller geappl::l024619 !MABG_PROD Louisville, KY Bryan Dooley tacl::trclemens !MABG_PROD Louisville, KY Tim Clemens tacl::ndmann !MABG_TECH Louisville, KY Nathan Mann tacl::dlnorris !MABG_TECH Louisville, KY Don Norris c5vr::pavlin !MESO Syracuse, NY Andy Pavlin c5vn::roller !MESO Syracuse, NY Don Roller e7va::sys_singer !MESO Syracuse, NY Larry Singer astro::goldberg !RCA_AED Hightstown, NJ Fred Goldberg esdsdf::gore !RCA_MSRD_VCC Moorestown, NJ Bob Gore muppet::sickles !RCA_MSRD_VCC Moorestown, NJ Brian Sickles rso::roy_wi !RSO Philadelphia, PA Bill Roy scovcb::lambert_lt !SCO Valley Forge, PA Lee Lambert advax::barry !SCSD Daytona Beach, FL Barry Fishman dabzoo::rgl !SCSD Daytona Beach, FL Greg Lee tbosch::look !TBO_FBG Fitchburg, MA Allen Look tbosch::courtemanche !TBO_FBG Fitchburg, MA Jeff Courtemanche ws::haynes !WESTERN_SYS San Jose, CA Tom Haynes