CA-91:02                    CERT Advisory
                            March 26, 1991
                    SunOS in.telnetd Vulnerability

-------------------------------------------------------------------------

DESCRIPTION:

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
obtained information regarding a vulnerability which affects SunOS 4.1
and 4.1.1 versions of in.telnetd on all Sun 3 and Sun 4 architectures.
The vulnerability has been fixed by Sun Microsystems, Inc.

IMPACT:

The vulnerability allows a user on the system to gain unauthorized
access to other accounts, including root.

SOLUTION:

Sun Microsystems, Inc. has patched versions of in.telnetd available for
SunOS 4.1 and 4.1.1 on all Sun 3 and Sun 4 architectures.  The Sun Bug
IDs which are fixed by this patch are: 1054669 1050269 1049886 1042370
1040722 1033809.  The Sun Patch ID (which you will need to order the
patch from a Sun Answer Center (phone number 800 USA 4SUN) is:
100125-02.  The checksum of the compressed tarfile (filename
100125-02.tar.Z) is 44522 46.  The compressed tarfile is available by
anonymous FTP on ftp.uu.net in sun-dist/100125-02.tar.Z as well as on
mcsun.eu.net in sun/fixes/100125-02.tar.Z.

Patch installation instructions are as follows:

  # mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
  # chmod 600 /usr/etc/in.telnetd.FCS 

(These two steps store the old version as a precaution and change the
file mode to that the old version cannot be executed; after verifying
the new version, the old version should be removed.)

  # cp sun{3,3x,4,4c}/in.telnetd /usr/etc/in.telnetd

(Be sure to copy the appropriate version for your architecture.)

  # chmod 711 /usr/etc/in.telnetd
  # chown root /usr/etc/in.telnetd
  # chgrp staff /usr/etc/in.telnetd
  # kill {any executing in.telnetd process(es) (SEE NOTE)}

NOTE: Be careful in killing existing in.telnetd processes, as they may
      be legitimate users attempting to login to the system.

-------------------------------------------------------------------------
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline:
           CERT personnel answer 7:30a.m.-6:00p.m. EST.
           On call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system.