home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1994 March
/
Internet Info CD-ROM (Walnut Creek) (March 1994).iso
/
inet
/
scc
/
ddn-security-9302
< prev
next >
Wrap
Text File
|
1993-01-20
|
8KB
|
151 lines
**************************************************************************
Security Bulletin 9302 DISA Defense Communications System
January 21, 1993 Published by: DDN Security Coordination Center
(SCC@NIC.DDN.MIL) 1-(800) 365-3642
DEFENSE DATA NETWORK
SECURITY BULLETIN
The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, and concerns
to security and management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest". The bulletin pathname is
scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. scc/ddn-security-9302).
**************************************************************************
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
! !
! The following important advisory was issued by the Computer !
! Emergency Response Team (CERT) and is being relayed unedited !
! via the Defense Information Systems Agency's Security !
! Coordination Center distribution system as a means of !
! providing DDN subscribers with useful security information. !
! !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
CA-93:02 CERT Advisory
January 20, 1993
NeXT NetInfo "_writers" Vulnerabilities
-----------------------------------------------------------------------------
The CERT Coordination Center has received information from NeXT Computer,
Inc. concerning a vulnerability in the distributed printing facility of NeXT
computers running all releases of NeXTSTEP software through NeXTSTEP Release
3.0. For more information, please contact your authorized support center.
If you are an authorized support provider, please contact NeXT through your
normal channels.
-----------------------------------------------------------------------------
I. Description
The default NetInfo "_writers" properties are configured to allow
users to install printers and FAX modems and to export them to the
network without requiring assistance from the system administrator.
They also allow a user to configure other parts of the system, such as
monitor screens, without requiring help from the system administrator.
Vulnerabilities exist in this facility that could allow users to gain
unauthorized privileges on the system.
II. Impact
In the case of the "/printers" and the "/fax_modems" directories, the
"_writers" property can permit users to obtain unauthorized root
access to a system.
In the "/localconfig/screens" directory, the "_writers" property can
potentially permit a user to deny normal login access to other users.
III. Solution
To close the vulnerabilities, remove the "_writers" properties from
the "/printers", "/fax_modems", and "/localconfig/screens" directories
in all NetInfo domains on the network, and from all immediate
subdirectories of all "/printers", "/fax_modems", and
"/localconfig/screens" directories. The "_writers" properties may be
removed using any one of the following three methods:
A. As root, use the "niutil" command-line utility. For example, to
remove the "_writers" property from the "/printers" directory:
# /usr/bin/niutil -destroyprop . /printers _writers
B. Alternatively, use the NetInfoManager application: open the
desired domain, open the appropriate directory, select the
"_writers" property, choose the "Delete" command [Cmd-r] from
the "Edit" menu, and save the directory.
C. To assist system administrators in editing their NetInfo
domains, a shell script, "writersfix", is available via
anonymous FTP from next.com (129.18.1.2):
Filename Size Checksum
-------- ---- --------
pub/Misc/Utilities/WritersFix.compressed 5515 53660 6
After transferring this file using BINARY transfer type,
double-click on the file. A "WritersFix" directory will be
created in your file system, containing the script
("writersfix") and some documentation ("WritersFix.rtf").
Consider removing "_writers" from other NetInfo directories as well
(for example, "/locations"), noting the following trade-off between
ease-of-use and security. By removing the "_writers" properties, the
network and the computers on the network become more secure, but a
system administrator's assistance is required where it previously was
not required.
Please refer to the NeXTSTEP Network and System Administration manual
for additional information on "_writers". Note that the
subdirectories of the "/users" directory have "_writers_passwd" set to
the user whose account is described by the directory. This is
essential if users are to be able to change their own passwords, and
this does not compromise system security.
-----------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Alan Marcum and Eric Larson of
NeXT Computer, Inc. for notifying us about the existence of these
vulnerabilities and for providing appropriate technical information.
-----------------------------------------------------------------------------
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in FIRST (Forum of Incident
Response and Security Teams).
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
on call for emergencies during other hours.
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
from cert.org (192.88.209.5).
****************************************************************************
* *
* The point of contact for MILNET security-related incidents is the *
* Security Coordination Center (SCC). *
* *
* E-mail address: SCC@NIC.DDN.MIL *
* *
* Telephone: 1-(800)-365-3642 *
* *
* NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, *
* Monday through Friday except on federal holidays. *
* *
****************************************************************************