_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin New patch #100383-03 available for /usr/ucb/rdist on SunOS systems November 22, 1991, 1200 PST Number C-8 _________________________________________________________________________ PROBLEM: A new bug discovered in /usr/ucb/rdist may allow users to gain root privilege PLATFORM: All supported Sun architectures and operating system versions DAMAGE: Allows unauthorized root access with unrestricted access to the system SOLUTION: Apply patch 100383-03 available from Sun or ftp.uu.net _________________________________________________________________________ Critical Facts about /usr/ucb/rdist patch Sun Microsystems has recently released a security bulletin #00113 describing a new patch available for SunOS systems. This patch closes a vulnerability in the /usr/ucb/rdist program that could allow an intruder to gain root access to the system by creating a setuid root shell. This patch, and all others Sun patches are available through your local Sun answer centers worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net and obtain the patch from the ~ftp/sun-dist directory; in Europe, ftp to mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory. The patch must be retrieved in binary mode, then uncompressed at the local system. The checksum of compressed tarfile 100383-03.tar.Z on ftp.uu.net is 50273 163. This patch file includes new versions of the /usr/ucb/rdist program for SunOS 4.1.1, 4.1, and 4.0.3 for all supported hardware platforms. To install the patch on your system, follow the instructions available in the README file which accompanies the patch files. If you do not use the rdist command on your system, Sun recommends that you change the permissions of the /usr/ucb/rdist file using the following command (as root): chmod 0100 /usr/ucb/rdist For additional information or assistance, please contact CIAC: David Brown (510)423-9878** or (FTS) 543-9878 (FAX) (510) 423-8002** or (FTS) 543-8002 dsbrown@llnl.gov Send e-mail to ciac@llnl.gov or call CIAC at (510) 422-8193**/(FTS)532-8193. **Note area code has changed from 415, although the 415 area code will work until Jan. 1992. PLEASE NOTE: Many users outside of the DOE and ESnet computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Some of the other teams include the NASA NSI response team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your agency's team will coordinate with CIAC. CIAC would like to thank Ken Pon at Sun Microsystems for providing some of the information described in this bulletin. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government nor the University of California, and shall not be used for advertising or product endorsement purposes.