home *** CD-ROM | disk | FTP | other *** search
-
-
- ===========================================================================
-
- CA-91:14 CERT Advisory
-
- August 26, 1991
-
- SGI "IRIX" /usr/sbin/fmt Vulnerability
-
-
-
- ---------------------------------------------------------------------------
-
-
-
- The Computer Emergency Response Team/Coordination Center (CERT/CC) has
-
- received information concerning a vulnerability of mail messages in Silicon
-
- Graphics Computer Systems' IRIX versions prior to 4.0 (this includes all
-
- 3.2 and 3.3.* versions). This problem has been fixed in version 4.0.
-
-
-
- Information regarding the exploitation of this vulnerability is inherently
-
- disclosed by any discussion of the problem (including this Advisory) so
-
- we recommend taking immediate action. Until you are able to apply the patch,
-
- mail at your site is vulnerable to being read by any ordinary user logged
-
- in at that site.
-
-
-
- Silicon Graphics has provided the enclosed patch instructions.
-
-
-
- ---------------------------------------------------------------------------
-
-
-
- I. DESCRIPTION:
-
-
-
- A vulnerability exists such that IRIX pre-4.0 (e.g., 3.3.3) systems
-
- with the basic system software ("eoe1.sw.unix") installed can allow
-
- unauthorized read access to users' mail messages, by exploiting a
-
- configuration error in a standard system utility. Due to the ease
-
- of exploiting this vulnerability and the simplicity of the corrective
-
- action, the CERT/CC urges all sites to install the patch given below.
-
-
-
- II. IMPACT:
-
-
-
- Anyone who can log in on a given IRIX pre-4.0 (3.2, 3.3, 3.3.*) system
-
- can read mail messages which have been delivered to any other user on
-
- that same system.
-
-
-
- III. SOLUTION:
-
-
-
- As "root", execute the following commands:
-
-
-
- chmod 755 /usr/sbin/fmt
-
- chown root.sys /usr/sbin/fmt
-
-
-
- If system software should ever be reloaded from a 3.2 or 3.3.*
-
- installation tape or from a backup tape created before the patch
-
- was applied, repeat the above procedure immediately after the software
-
- has been reloaded, before enabling logins by normal users.
-
-
-
- [Fixed in IRIX 4.0.]
-
-
-
-
-
- ---------------------------------------------------------------------------
-
- The CERT/CC would like to thank Silicon Graphics for bringing this
-
- vulnerability and solution to our attention.
-
- ---------------------------------------------------------------------------
-
-
-
- If you believe that your system has been compromised, contact CERT/CC via
-
- telephone or e-mail.
-
-
-
- Computer Emergency Response Team/Coordination Center (CERT/CC)
-
- Software Engineering Institute
-
- Carnegie Mellon University
-
- Pittsburgh, PA 15213-3890
-
-
-
- Internet E-mail: cert@cert.sei.cmu.edu
-
- Telephone: 412-268-7090 24-hour hotline:
-
- CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
-
- on call for emergencies during other hours.
-
-
-
- Past advisories and other computer security related information are available
-
- for anonymous ftp from the cert.sei.cmu.edu (192.88.209.5) system.
-
-
-
-
-
-
- Downloaded From P-80 International Information Systems 304-744-2253
-
