_____________________________________________________
          The Computer Incident Advisory Capability
                       ___  __ __    _     ___
                      /       |     / \   /
                      \___  __|__  /___\  \___
_____________________________________________________

                       Information Bulletin

           February 20, 1991, 1700 PST              Number B-13

          UNIX Security Problem with /bin/mail in SunOS
________________________________________________________________________

PROBLEM:   Bug in /bin/mail allows users unauthorized privileged access
PLATFORM:  SunOS 4.0.3, 4.1 and 4.1.1; Sun3, Sun3x, Sun4, Sun4c and
           Sun4/490_4.1_PSR_A architectures
DAMAGE:    Potential for significant damage once intruder has gained
           root access.
PATCH:     Available through anonymous ftp from ftp.uu.net or from Sun
           (contact Sun at 1-800-USA4SUN for details).
_______________________________________________________________________

                    Critical /bin/mail Bug Facts

A recently discovered vulnerability in SunOS /bin/mail allows an intruder
to obtain unauthorized access to a root shell. This vulnerability applies
to versions 4.0.3, 4.1, and 4.1.1 of SunOS running on the Sun3, Sun3x,
Sun4, Sun4c, and Sun4/490_4.1_PSR_A architectures.

Sun Microsystems has prepared a patch described in Sun Microsystems
Security Bulletin #00105. The particulars are:

   Patch ID:                       100224-01
   BugIDs fixed by this patch:     1045636 and 1047340
   Availability:                   Anonymous FTP from
                                   ftp.uu.net:/sun-dist/100224-01.tar.Z
   Checksum of the compressed
   tarfile 100224-01.tar.Z:        64102 109
   Patches Obsoleted:              100161-01
   Obsoleted by:                   SysV Release 4

Patch installation instructions are as follows:

   (Login as root - you must have root access to apply this patch!)
   (Create a temporary directory and "cd" to it)
   (Use anonymous FTP to obtain the file sun-dist/100224-01.tar.Z
    from ftp.uu.net)

   # uncompress 100224-01.tar
   # tar xvf 100224-01.tar
   # mv /bin/mail /bin/mail.old
   # cp $arch/$os/mail /bin/mail
      (where $arch is either sun3, sun4, sun4c or sun3x)
      (and where $os is either 4.0.3, 4.1 or 4.1.1)
   (change the permissions for the newly installed mail binary)
   # chmod 4755 /bin/mail

   (You will probably wish to delete the 100224-01.tar file and the
    files created by "de-tar-ing" 100224-01.tar at this time!)

For additional information or assistance, please contact CIAC:

   Hal R. Brand
   (415) 422-6312 or (FTS) 532-6312

During working hours, call CIAC at (415) 422-8193 or (FTS) 532-8193.
For non-working hour emergencies, call (415) 422-7222 or (FTS) 532-7222
and ask for CIAC (this is a new emergency number).

Send FAX messages to: (415) 423-0913 or (FTS) 543-0913

Tsutomu Shimomura and Sun Microsystems provided some of the information
contained in this bulletin.

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied, or
assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately owned
rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does
not necessarily constitute or imply its endorsement, recommendation, or
favoring by the United States Government or the University of
California. The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government nor
the University of California, and shall not be used for advertising or
product endorsement purposes.