The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Core 'Security Digest' - Archives (1990 - 1991)
DOCUMENT: Core 'Security Digest' V1 #19 1991-06-22 (1 file, 2126 bytes)
SOURCE: http://securitydigest.org/exec/display?f=core/archive/119.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Date: Sat Jun 22 17:00:39 PDT 1991
Subject: Core Security Digest V1 #19

Core Security Digest Volume 1 Issue 19

subject(s):

            Early post of Sun Security Bulletin
            going straight

The unix core security mailing list is by invitation only and contains
sensitive material which SHOULD NOT BE REVEALED to non-members.
DO NOT PUT ANY LIST CONTENTS IN LOCATIONS ACCESSABLE TO NON-MEMBERS.
If you must keep copies on-line, please encrypt them at the very least.

PLEASE POST TO:                              core@uninet.cpd.com
PLEASE SEND EMERGENCY ALERTS TO:   core-emergency@uninet.cpd.com
PLEASE SEND REQUESTS TO:             core-request@uninet.cpd.com


------------------------------------------------------------------------

Date: Fri, 31 May 91 12:33:35 PDT
From: Brad.Powell@Corp.Sun.COM (Brad Powell )
Subject: Early post of Sun Security Bulletin

[ sorry about the lateness of this.  Darn shell scripts 8-(.  neil ]

 yet another bulletin :-). This will be going out shortly across Sun's CWS
 please be advised.

Note that a 4.0.3 version is currently being ported.
 the -01 version of the patch has SunOS 4.1.1 and SunOS 4.1 support.

SUN MICROSYSTEMS SECURITY BULLETIN:
#00108

 This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.

   All patches listed are available through your local Sun answer centers
   worldwide as well as through anonymous ftp to ftp.uu.net.
   In the US on ~ftp/sun-dist directory and in Europe on mcsun.eu.net
   on ~ftp/sun/fixes directory.

Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.

Sun Bug ID  : 1057834 1058003 1016437 1040453

Synopsis    : The current SunOS/BSD line printer spooler has a flaw which
              allows system files to be deleted by the lp daemon.

Sun Patch ID: 100305-01

Checksum of compressed tarfile 100305-01.tar.Z =  31440   239

Detailed Information:

Patch-ID#  100305-01
Keywords: security passwd lpd delete system
Synopsis: SunOS 4.1.1;4.1: lpd can be used to delete any file on the system
Date: 30/May/91

SunOS release: 4.1.1, 4.1

Unbundled Product:

Unbundled Release:

Topic: lpd

BugId's fixed with this patch: 1057834 1058003 1016437 1040453

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Patches which may conflict with this patch:

Obsoleted by: SunOS 5.0

Problem Description: The current BSD line printer spooler has a flaw
                     which allows system files to be deleted by the lp daemon.

INSTALL:

as root:

first do a "ps ax |grep lpd"  and kill off the currently running lpd process.
the return from ps should be something like:
 134 ?  IW    0:00 /usr/lib/lpd
26753 p5 S     0:00 grep lpd
# kill -9 {process id of lpd. in the above example this is 134}

then save aside the FCS version of lpd, and change the mode so that it cannot be
misused.
# mv /usr/lib/lpd /usr/lib/lpd.FCS
# chmod 100 /usr/lib/lpd.FCS

copy in the new version and restart lpd.

# cp sun{3,3x,4,4c}/{4.1,4.1.1}/lpd /usr/lib/lpd
# chmod 6755 /usr/lib/lpd
# chown root /usr/lib/lpd
# chgrp daemon /usr/lib/lpd
# rm -f /dev/printer /var/spool/lpd.lock

restart the lpd daemon

# /usr/lib/lpd

------------------------------------------------------------------------

Date: Sat, 22 Jun 91 16:55:45 PDT
From: neil (Neil Gorsuch)
Subject: going straight

[ It just occurred to me that this might interest you.  A little while back,
I had a few phone conversations with someone that claimed to be part of the
more hard-core cracker groups.  He wanted my advice on how to use his
knowledge in a legitimate manner for financial gain.  After telling him
that maybe consulting was a way to go (he said that the few companies he
had already contacted wouldn't trust him), I asked him if the cracker groups
knew about any division of the security list.  He then proceeded to tell me
the name of this list, but said that no-one had gotten copies of it yet.
So let's be careful out there, people 8-).    - neil ]

------------------------------------------------------------------------

        End of Core Security Digest Volume 1 Issue 19
        **********************

END OF DOCUMENT