home *** CD-ROM | disk | FTP | other *** search
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
-
-
- CA-90:05 CERT Advisory
- August 14, 1990
- SunView selection_svc vulnerability
- - -----------------------------------------------------------------------------
-
- Sun has recently released a patch for a security hole in SunView.
- This problem affects SunView running on all versions of SunOS (3.5 and
- before, 4.0, 4.0.1, 4.0.3, and 4.1) and all platforms (Sun3, Sun4,
- 386i). This vulnerability allows any remote system to read selected
- files from the workstation running SunView. As noted below in the
- IMPACT section, the files that can be read are limited.
-
- This vulnerability is in the SunView (aka SunTools) selection_svc
- facility and can be exploited while SunView is in use; however, as
- noted below in the IMPACT section, this bug may be exploitable after
- the user quits using Sunview. This problem cannot be exploited while
- X11 is in use (unless the user runs X11 after running Sunview; see the
- IMPACT section). This problem is specific to Sun's SunView software;
- to our knowledge, this problem does NOT affect other vendor platforms
- or software.
-
- OBTAINING THE PATCH
-
- To obtain the patch, please call your local Sun Answer Center
- (in the USA, it's 1-800-USA-4SUN), and ask for patch number 100085-01.
- You can also reference Sun Bug ID 1039576.
-
- The patch is available for SunOS 4.0.1, 4.0.3 and SunOS 4.1, on Sun3,
- Sun4, and 386i architectures. Contact Sun for further details.
-
-
- IMPACT
-
- On Sun3 and Sun4 systems, a remote system can read any file that is
- readable to the user running SunView. On the 386i, a remote system
- can read any file on the workstation running SunView regardless of
- protections. Note that if root runs Sunview, all files are
- potentially accessible by a remote system.
-
- If the password file with the encrypted passwords is world readable,
- an intruder can take the password file and attempt to guess passwords.
- In the CERT/CC's experience, most systems have at least one password
- that can be guessed.
-
- Sunview does not kill the selection_svc process when the user quits
- from Sunview. Thus, unless the process is killed, remote systems can
- still read files that were readable to the last user that ran Sunview.
- Under these circumstances, once a user has run Sunview, start using
- another window system (such as X11), or even logoff, but still have
- files accessible to remote systems. However, even though
- selection_svc is not killed when Sunview exits, the patch still solves
- the security problem and prevents remote access.
-
-
- CONTACT INFORMATION
-
- For further questions, please contact your Sun answer center or send
- mail to security-features@sun.com.
-
- Thanks to Peter Shipley for discovering, documenting, and helping
- resolve this problem.
- - -----------------------------------------------------------------------------
-
- Computer Emergency Response Team/Coordination Center (CERT/CC)
- Software Engineering Institute
- Carnegie Mellon University
- Pittsburgh, PA 15213-3890
-
- Internet: cert@cert.org
- Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
- 7:30a.m.-6:00p.m. EST, on call for
- emergencies other hours.
-
- Past advisories and other information are available for anonymous ftp
- from cert.org (192.88.209.5).
-
- -----BEGIN PGP SIGNATURE-----
- Version: 2.6.2
-
- iQCVAwUBMaMwgnVP+x0t4w7BAQGvegP/dQJU1tDlKDs4qqZjvglPAQQyzghECLdg
- 3mrBt11VkyT+1mQwvwTDYq1Vm0UD517kTnp5lAt0aIwSYni9vJ5s16fu5qyHuCzg
- DnT9o3xcJZsATaGhUvVmZ80lqpEc1+7uno7+n6Tv3f+ENMdAqC0zC+Tn2RRcKGP6
- 4fNbvV3ORC0=
- =+ie9
- -----END PGP SIGNATURE-----
-
-
