Archived copy from Forum_of_Incident_Response_and_Security_Teams_FIRST_October_1994.iso, teaminfo/nasirc/nasa9310.txt (text file dated 1994-07-02).
NASIRC BULLETIN #93-10 December 16, 1993
Solaris System Startup Vulnerability
===========================================================================
__ __ __ ___ ___ ____ ____
/_/\ /_/| /_/ / _/\ /_/| / __/ \ / __/\
| |\ \| || / \ \ | /\/ | || | /\ \/ | | \/
| ||\ \ || / /\ \ \ \ \ | || |_\/ /\ | |
| || \ \|| / /--\ \ \ /\_\\ | || | |\ \ \ | \_/\
|_|/ \_|//_/ \_\/ \/__/ |_|/ |_| \_\/ \___\/
NASA Automated Systems Incident Response Capability
===========================================================================
NASIRC has received information concerning a potential security
problem involving Solaris 2.x systems and Solaris x86. The problem does
not exist in sun3 architectures.
If fsck(8) fails during system boot, a privileged shell is run on the
system console. This vulnerability allows a user, sitting at the
console, to gain root access to the system.
A simple change to two system scripts closes this vulnerability. The
modified scripts cause the system to run the privileged shell only after
the user at the console enters the correct root password. The changes,
described below, have been integrated into the upcoming Solaris release.
If you wish to make the change on your system, edit both:
/sbin/rcS
and /sbin/mountall
changing every occurrence of:
/sbin/sh < /dev/console
to
/sbin/sulogin < /dev/console
As distributed by Sun, /sbin/rcS contains one occurrence of this
string, at line 152; /sbin/mountall contains two, one at line 66 and
one at line 250.
Once this change has been made, sulogin will request the root password
in the event fsck(8) fails, before starting a privileged shell. The
success or failure of sulogin will be logged in /var/adm/sulog.
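The following is an added example, not part of the NASIRC bulletin and not Sun's code. It audits boot scripts for the unauthenticated console shell, applies the sulogin substitution, and confirms nothing was left behind. To run anywhere, it works on constructed stand-ins for /sbin/rcS and /sbin/mountall written into a scratch directory (the surrounding lines in those stand-ins are invented; only the vulnerable string and the occurrence counts match the bulletin). On a real Solaris 2.x system you would point the functions at the actual files as root, after keeping a backup of each and checking that /sbin/sulogin exists. It assumes POSIX sh, sed and grep.

```shell
#!/bin/sh
# Added example (not from the NASIRC bulletin or from Sun): audit a boot
# script for the unauthenticated root shell and rewrite it to use sulogin.

VULN='/sbin/sh < /dev/console'
FIXED='/sbin/sulogin < /dev/console'

# count_unauth_shells FILE -> prints the number of lines that still start an
# unauthenticated root shell on the console (0 means already hardened)
count_unauth_shells() {
    grep -F -c "$VULN" "$1" || true   # grep -c exits 1 on zero matches
}

# harden_boot_script FILE -> replaces every occurrence (via a temp copy that
# is moved into place) and prints how many lines were changed
harden_boot_script() {
    file=$1
    before=$(count_unauth_shells "$file")
    sed "s|$VULN|$FIXED|g" "$file" > "$file.new" && mv "$file.new" "$file"
    after=$(count_unauth_shells "$file")
    echo $((before - after))
}

# make_sample_scripts DIR -> writes constructed stand-ins for /sbin/rcS (one
# occurrence) and /sbin/mountall (two), mirroring the counts in the bulletin.
# These are not Sun's real scripts; only the vulnerable line is faithful.
make_sample_scripts() {
    dir=$1
    cat > "$dir/rcS" <<'EOF'
#!/sbin/sh
# constructed sample, not the real /sbin/rcS
/sbin/fsck -p /dev/rdsk/c0t3d0s0 || {
        echo "fsck failed; entering single-user shell"
        /sbin/sh < /dev/console
}
EOF
    cat > "$dir/mountall" <<'EOF'
#!/sbin/sh
# constructed sample, not the real /sbin/mountall
checkfs() { /sbin/fsck -p "$1" || /sbin/sh < /dev/console; }
mountfs() { /sbin/mount "$1" || /sbin/sh < /dev/console; }
EOF
}

# audit_and_fix DIR -> hardens both scripts in DIR and prints a summary of
# lines changed per file plus how many vulnerable lines remain
audit_and_fix() {
    dir=$1
    r=$(harden_boot_script "$dir/rcS")
    m=$(harden_boot_script "$dir/mountall")
    left=$(( $(count_unauth_shells "$dir/rcS") + $(count_unauth_shells "$dir/mountall") ))
    echo "rcS=$r mountall=$m left=$left"
}

# Stand-alone demonstration on the constructed scripts.
work=${TMPDIR:-/tmp}/nasirc-93-10.$$
mkdir -p "$work"
make_sample_scripts "$work"
audit_and_fix "$work"                         # rcS=1 mountall=2 left=0
grep -F -n "$FIXED" "$work/rcS" "$work/mountall"
rm -rf "$work"
```

Running harden_boot_script a second time reports 0 changed lines, which makes it safe to re-run as a check after the upcoming Solaris release or a patch has already made the substitution. Because sulogin (not sed) is what enforces the password prompt, verify `/sbin/sulogin` is present and executable on the target before editing the real scripts; a substitution that points at a missing binary would leave the system unable to recover from a failed fsck at all.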
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
NASIRC ACKNOWLEDGES: Sun Microsystems, Inc. for their reporting
and coordination of solutions to this problem
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The NASIRC online archive system is available via anonymous ftp.
Just ftp to nasirc.nasa.gov and login as anonymous. You will be
required to enter your valid e-mail address. Once there you can
access the following information:
/toolkits ! contains automated toolkit software
/bulletins ! contains NASIRC bulletins
Information maintained in these directories will be updated on a
continuous basis with relevant software and information. Contact
the NASIRC Helpdesk for more information and assistance with
toolkits or security measures.
=======================================================================
For further assistance, please contact the NASIRC Helpdesk:
Phone: 1-800-7-NASIRC Fax: 1-301-306-1010
Internet Email: nasirc@nasa.gov
24 Hour/Emergency Pager: 1-800-759-7243/Pin:5460866
=======================================================================
This bulletin may be forwarded without restrictions to sites and
system administrators within the NASA community
-----------------
PLEASE NOTE: Users outside of the NASA community may receive NASIRC
bulletins. If you are not part of the NASA community, please contact
your agency's response team to report incidents. Your agency's team
will coordinate with NASIRC, who will ensure the proper internal
NASA team(s) are notified. NASIRC is a member of the Forum of Incident
Response and Security Teams (FIRST), a world-wide organization which
provides for coordination between incident response teams in handling
computer-security-related issues.
A list of FIRST member organizations and their constituencies can be
obtained by sending email to docserver@first.org with an empty subject
line and a message body containing the line: send first-contacts.