-----BEGIN PGP SIGNED MESSAGE----- CA-91:07 CERT Advisory May 20, 1991 SunOS Source Tape Installation Vulnerability - ------------------------------------------------------------------------- The Computer Emergency Response Team/Coordination Center (CERT/CC) has received the following information from Sun Microsystems, Inc. (Sun). Sun has given the CERT/CC permission to distribute their Security Bulletin. It contains information regarding a fix for a vulnerability in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1. The following Sun Microsystems Security Bulletin only applies to systems that have installed the Sun Source tapes. For more information, please contact Sun Microsystems at 1-800-USA-4SUN. - ------------------------------------------------------------------------- SUN MICROSYSTEMS SECURITY BULLETIN: #00107 This information is only to be used for the purpose of alerting customers to problems. Any other use or re-broadcast of this information without the express written consent of Sun Microsystems shall be prohibited. Sun expressly disclaims all liability for any misuse of this information by any third party. ------------------------------------------------------------------- Sun Bug ID : 1059621 Synopsis : security hole created by installing sunsrc Sun Patch ID: Not applicable see fix below. This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall). This makes it possible for users on that system to become root. The solution: chmod ug-s /usr/release/bin/{makeinstall, winstall} (if the sources have already been installed) and/or edit the makefile in sunsrc/release and change the SETUID definition (if the sources have been extracted from tape but not installed yet) ------------------------------------------------------------------- Special thanks to CERT and Tel-Aviv University for reporting this problem. Brad Powell Sun Microsystems Software Security Coordinator. - --------------------------------------------------------------------------- The CERT/CC would like to thank Sun Microsystems, Inc. for their response to this vulnerability. We would also like to thank Ariel Cohen from Tel-Aviv University, School of Mathematical Sciences for reporting the problem. - --------------------------------------------------------------------------- If you believe that your system has been compromised, contact CERT/CC via telephone or e-mail. Computer Emergency Response Team/Coordination Center (CERT/CC) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Internet E-mail: cert@cert.org Telephone: 412-268-7090 24-hour hotline: CERT/CC personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies during other hours. Past advisories and other computer security related information are available for anonymous ftp from the cert.org (192.88.209.5) system. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMaMwqnVP+x0t4w7BAQGepgP6A8tusMmhH4xU6QMrxDfGo97XP4cYyGju 1w4Rd+6eX0keE+yuGdtfz6BsSXRdQJpG76U+XHp1W/vDn+4Uht+vT1eDCHM12ZRQ MXzLkQKtjHw6P8W3zNuXUB9DyKoUNxAx7oLhrGptIYXsLEs5KSIXhioARZjWFzO1 2jR6g/cYF7U= =0eUg -----END PGP SIGNATURE-----