Date: Sat Jun 22 17:00:39 PDT 1991
Subject: Core Security Digest V1 #19

Core Security Digest Volume 1 Issue 19

subject(s):
        Early post of Sun Security Bulletin
        going straight

The unix core security mailing list is by invitation only and contains
sensitive material which SHOULD NOT BE REVEALED to non-members.
DO NOT PUT ANY LIST CONTENTS IN LOCATIONS ACCESSIBLE TO NON-MEMBERS.
If you must keep copies on-line, please encrypt them at the very least.

PLEASE POST TO:                         core@uninet.cpd.com
PLEASE SEND EMERGENCY ALERTS TO:        core-emergency@uninet.cpd.com
PLEASE SEND REQUESTS TO:                core-request@uninet.cpd.com

------------------------------------------------------------------------

Date: Fri, 31 May 91 12:33:35 PDT
From: Brad.Powell@Corp.Sun.COM (Brad Powell )
Subject: Early post of Sun Security Bulletin

[ sorry about the lateness of this. Darn shell scripts 8-(. neil ]

yet another bulletin :-). This will be going out shortly across Sun's CWS
please be advised. Note that a 4.0.3 version is currently being ported.
the -01 version of the patch has SunOS 4.1.1 and SunOS 4.1 support.

SUN MICROSYSTEMS SECURITY BULLETIN: #00108

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.

All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp to ftp.uu.net. In the US on
~ftp/sun-dist directory and in Europe on mcsun.eu.net on ~ftp/sun/fixes
directory.

Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.

Sun Bug ID  : 1057834 1058003 1016437 1040453
Synopsis    : The current SunOS/BSD line printer spooler has a flaw which
              allows system files to be deleted by the lp daemon.
Sun Patch ID: 100305-01
Checksum of compressed tarfile 100305-01.tar.Z = 31440 239

Detailed Information:

Patch-ID# 100305-01
Keywords: security passwd lpd delete system
Synopsis: SunOS 4.1.1;4.1: lpd can be used to delete any file on the system
Date: 30/May/91

SunOS release: 4.1.1, 4.1

Unbundled Product:

Unbundled Release:

Topic: lpd

BugId's fixed with this patch: 1057834 1058003 1016437 1040453

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Patches which may conflict with this patch:

Obsoleted by: SunOS 5.0

Problem Description: The current BSD line printer spooler has a flaw which
allows system files to be deleted by the lp daemon.

INSTALL:

as root:

first do a "ps ax |grep lpd" and kill off the currently running lpd process.
the return from ps should be something like:

      134 ?  IW    0:00 /usr/lib/lpd
    26753 p5 S     0:00 grep lpd

    # kill -9 {process id of lpd. in the above example this is 134}

then save aside the FCS version of lpd, and change the mode so that it
cannot be misused.

    # mv /usr/lib/lpd /usr/lib/lpd.FCS
    # chmod 100 /usr/lib/lpd.FCS

copy in the new version and restart lpd.

    # cp sun{3,3x,4,4c}/{4.1,4.1.1}/lpd /usr/lib/lpd
    # chmod 6755 /usr/lib/lpd
    # chown root /usr/lib/lpd
    # chgrp daemon /usr/lib/lpd
    # rm -f /dev/printer /var/spool/lpd.lock

restart the lpd daemon

    # /usr/lib/lpd

------------------------------------------------------------------------

Date: Sat, 22 Jun 91 16:55:45 PDT
From: neil (Neil Gorsuch)
Subject: going straight

[ It just occurred to me that this might interest you. A little while
back, I had a few phone conversations with someone that claimed to be
part of the more hard-core cracker groups. He wanted my advice on how
to use his knowledge in a legitimate manner for financial gain. After
telling him that maybe consulting was a way to go (he said that the few
companies he had already contacted wouldn't trust him), I asked him if
the cracker groups knew about any division of the security list. He
then proceeded to tell me the name of this list, but said that no-one
had gotten copies of it yet. So let's be careful out there, people 8-).
- neil ]

------------------------------------------------------------------------

End of Core Security Digest Volume 1 Issue 19
**********************