ARCHIVE: Unix 'Security Mailing List' - Archives (1984 - 1987)
DOCUMENT: Unix 'Security Mailing List' #22 1986-05-11 (1 file, 1476 bytes)
SOURCE: http://securitydigest.org/exec/display?f=unix/archive/022.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
Date: 11 May 86 22:11:53 MST (Sun)
Subject: Security Mailing List, # 22
----------------------------------------------------------------------------
Editor's corner
Well, hello, it's been a long time. I'm excruciatingly sorry to have
been so long to get another issue of this list out; the travails
would have left both Odysseus and Aeneas in shame. But enough of
the soft violins.
Concerning back issues - that's the next problem. I'll announce
when and where they'll be available. Please don't request them
until I announce it.
I would appreciate it if every addressee would please return to me
an acknowledgement to this issue or the one I'll be sending next
weekend. I intend to purge my list of everyone who has not
answered in two weeks.
Those of you on the list know the trouble you went through to get
on the list. I now have an active list of about 250 addressees,
including several generic aliases at various places. I would like
to make it a common rule that everyone on the list be addressed
through an alias, like "security@harvard" or some such; I think it
will 1) add a little security to the distribution, and 2) cut down
the size of the list that I mail to.
I have a backlog of some 120 requests to join the mailing list.
I'll be filtering through these in the next two weeks.
I have one article to spice up this issue. If you have anything to
report, or sent me an article that got lost (I had four at one
time, but they disappeared over Christmas), please send it to me
at the addresses at this article's end.
Lyle
----------------------------------------------------------------------------
Date: Sat, 19 Apr 86 14:26:33 PST
From: onecom!ihnp4!hoptoad!gnu (John Gilmore)
Subject: Sun-3 tftp daemon is required on servers but insecure
Release: Sun Unix 3.0 FCS
Customer:
John Gilmore
Nebula Consultants
1805 Golden Gate Ave.
San Francisco, CA 94115
+1 415 931 4667 voice
sun!hoptoad!gnu data
Description:
The tftp daemon allows anyone on the internetwork to read
any publicly readable file (e.g. /etc/passwd) on the system.
In earlier systems it was possible to turn off this daemon
and avoid the bug. In 3.0, the bug has not been fixed, and
tftp has been made required for servers, since it is used
to boot clients.
Repeat-By:
% tftp host
> get /etc/passwd /tmp/pw
> get /etc/hosts.equiv /tmp/he
> get /.rhosts /tmp/rh
> q
%
examine them, run password breaking programs, break in.
Fix:
Fix the tftp daemon to provide the same level of security
as the ftp daemon (e.g. do a "chroot" to a private directory).
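As an added example, not code from the report or from Sun's tftpd, here is the confinement the Fix section asks for, in C: a path check that keeps a request inside the boot directory, and the ftpd-style chroot(2) plus privilege drop. The names `path_inside_root`, `confine_daemon`, `make_demo_root`, the `demo_root` global and the /tmp fixture are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: resolve `req` relative to `root` and accept it only if
 * the resolved path stays inside `root`; realpath(3) collapses "..", symlinks
 * and a leading "/" before the prefix check is made. Returns 1 if inside. */
int path_inside_root(const char *root, const char *req)
{
    char rootreal[PATH_MAX], joined[PATH_MAX], reqreal[PATH_MAX];
    if (realpath(root, rootreal) == NULL)
        return 0;
    while (*req == '/')                         /* "/etc/passwd" -> "etc/passwd" */
        req++;
    if (snprintf(joined, sizeof joined, "%s/%s", rootreal, req) >= (int)sizeof joined)
        return 0;
    if (realpath(joined, reqreal) == NULL)      /* missing or unresolvable file */
        return 0;
    size_t rlen = strlen(rootreal);
    return strncmp(reqreal, rootreal, rlen) == 0 && reqreal[rlen] == '/';
}

/* The fix the report asks for: chroot(2) into the boot-file directory and give
 * up root, as ftpd does, so "get /etc/passwd" can only reach <dir>/etc/passwd.
 * Must be called while the daemon is still root; returns 0 on success. */
int confine_daemon(const char *dir, const char *unpriv_user)
{
    struct passwd *pw = getpwnam(unpriv_user);
    if (pw == NULL || chdir(dir) != 0 || chroot(dir) != 0)
        return -1;
    return (setgid(pw->pw_gid) == 0 && setuid(pw->pw_uid) == 0) ? 0 : -1;
}

static char demo_root[PATH_MAX];                /* filled in by make_demo_root() */

/* Constructed fixture: a throwaway boot directory holding one file, boot.img. */
int make_demo_root(void)
{
    char tmpl[] = "/tmp/tftpboot.XXXXXX", path[PATH_MAX];
    FILE *f;
    if (mkdtemp(tmpl) == NULL) return -1;
    snprintf(demo_root, sizeof demo_root, "%s", tmpl);
    snprintf(path, sizeof path, "%s/boot.img", tmpl);
    if ((f = fopen(path, "w")) == NULL) return -1;
    fputs("constructed boot image\n", f);
    return fclose(f);
}
```

With the daemon confined by `confine_daemon`, the path check is a second line of defence rather than the only one; `confine_daemon` itself needs root and is not exercised by the fixture.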
----------------------------------------------------------------------------
The UNIX security issues mail list
Ignore the headers on this list and mail to:
...denelcor!security (mail for the list).
...denelcor!sec-request (administrivia).
END OF DOCUMENT
ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.