Archive of CERT general posting, CERT Vendor-Initiated Bulletin VB-97.01 - Division of Privilege (DoP)

15/03/97, CERT Vendor-Initiated Bulletin VB-97.01 - Division of Privilege (DoP)
From: CERT Bulletin <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: CERT Vendor-Initiated Bulletin VB-97.01 - Division of Privilege (DoP)
From: CERT Bulletin <cert-advisory@cert.org>
Date: Fri, 14 Mar 1997 15:29:04 -0500
Organization: CERT(sm) Coordination Center - +1 412-268-7090
Reply-To: cert-advisory-request@cert.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CERT(sm) Vendor-Initiated Bulletin VB-97.01
March 14, 1997

Topic:  Division of Privilege (DoP) - Potential Security Vulnerability
Source: Digital Equipment Corporation

To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from Digital
Equipment Corporation. Digital urges you to act on this information as soon as
possible. Digital Equipment Corporation contact information is included in the
forwarded text below; please contact them if you have any questions or need
further information.


=======================FORWARDED TEXT STARTS HERE============================

_______________________________________________________________________
  PRODUCT:  DIGITAL UNIX[TM] V4.0, V4.0A, V4.0B		MARCH 6, 1997

  TITLE:  Division of Privilege (DoP) - Potential Security Vulnerability
  SOURCE: Digital Equipment Corporation
          Software Security Response Team/Colorado Springs USA

  "Digital is broadly distributing this Security Advisory in order to
  bring to the attention of users of Digital's products the important
  security information contained in this Advisory.  Digital recommends
  that all users determine the applicability of this information to
  their individual situations and take appropriate action.

  Digital does not warrant that this information is necessarily
  accurate or complete for all user situations and, consequently,
  Digital will not be responsible for any damages resulting from
  user's use or disregard of the information provided in this
  Advisory."

- ----------------------------------------------------------------------
IMPACT:

  Digital has discovered a potential vulnerability with the
  Division of Privilege (DoP), "/usr/sbin/dop" for DIGITAL UNIX
  V4.0, V4.0A and V4.0B, where under certain circumstances,
  an unauthorized user may gain unauthorized privileges.  Digital
  strongly recommends that the workaround be implemented
  immediately for any version affected, and that the
  appropriate patch kit be installed as soon as it becomes
  available.


- ----------------------------------------------------------------------
RESOLUTION:

  This potential security issue has been resolved and an
  official fix for this problem will be made available
  beginning the 13th of March 1997. As the patches become
  available per affected version, Digital will provide them
  through:

  o the World Wide Web at the following FTP address:

    ftp://ftp.service.digital.com/public/
	the sub directory Digital_UNIX, key identifier SSRT0435U


  Note: [1]The patch kits mentioned above will be replaced in
        the near future through normal patch release
        procedures.

  	[2]The appropriate patch kit must be reinstalled
  	following any upgrade beginning with V4.0
        up to and including V4.0b.
  	

- ----------------------------------------------------------------------
TEMPORARY WORKAROUND:

  Prior to receiving the official patch for this fix, a
  temporary workaround for this problem is to clear the
  setuid bit from the /usr/sbin/dop command as follows:

		# chmod 0 /usr/sbin/dop

  This temporary workaround will resolve the security issue,
  but will also defeat DoP's purpose.  See "ADDITIONAL
  COMMENTS" below for the purpose of DoP, the effect of
  using this temporary workaround, and what to do as a
  solution while using this temporary workaround.

- ----------------------------------------------------------------------
ADDITIONAL COMMENTS:

  The DoP command is used to provide non-root users with the
  ability to enter the root password to access the graphical
  system management applications via the CDE application
  manager or the Host Manager.  When a non-root user
  attempts to execute a system management application
  through one of these applications, the user will be
  prompted with a password dialog.  If the user enters the
  correct root password, they will gain root privilege while
  running the given application.

  If the setuid bit is cleared from /usr/sbin/dop, then
  users will not be able to access the system management
  applications from either the CDE application manager or
  the Host Manager.

  The following are workarounds to allow users to run the
  graphical system management applications with DoP
  disabled:

  [1] Log into a CDE session as root and access the system
  management applications.

  [2] If logged in as a normal user, become root in your
  preferred X-based terminal emulator (xterm, dxterm, dtterm,
  etc.) and run the graphical system management application
  via the command line.

  If you need further information, please contact your
  normal DIGITAL support channel.

  DIGITAL appreciates your cooperation and patience. We
  regret any inconvenience applying this information may cause.

  __________________________________________________________________
  Copyright (c) Digital Equipment Corporation, 1995 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  __________________________________________________________________


========================FORWARDED TEXT ENDS HERE=============================

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST). See http://www.first.org/team-info/.

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key
         ftp://info.cert.org/pub/CERT_PGP.key


CERT Contact Information
- ------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other
security-related information are available from
        http://www.cert.org/
        ftp://info.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org
In the subject line, type
        SUBSCRIBE  your-email-address



CERT is a service mark of Carnegie Mellon University.

This file: ftp://info.cert.org/pub/cert_bulletins/VB-97.01.dec



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMymfzXVP+x0t4w7BAQEROAP9H/PcbBKFzLmjSCULXVfHmMzpjJglJEdJ
0NIE0GL83JTGqke1bhj0DuB/HXOltWRf4YDFAPsjDzoCF/0dDRSH9xfRQsHvpkcN
BSWwPPavH5qfVGKR+S4At9Duhf7hCOv7qexDbM+XGSO9VjDWLf/x2aJ9s1YMhVdR
mJBFYH/3gV4=
=yCwx
-----END PGP SIGNATURE-----



Next message sorted by date: CERT Vendor-Initiated Bulletin VB-97.02 - Guestbook Script Vul
Next message by thread: CERT Vendor-Initiated Bulletin VB-97.02 - Guestbook Script Vul
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Feb 2000