Archive of CERT general posting, CERT Vendor-Initiated Bulletin VB-97.11 - NEC Corp.

15/10/97, CERT Vendor-Initiated Bulletin VB-97.11 - NEC Corp.
From: CERT Bulletin <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: CERT Vendor-Initiated Bulletin VB-97.11 - NEC Corp.
From: CERT Bulletin <cert-advisory@cert.org>
Date: Tue, 14 Oct 1997 10:33:56 -0400
Organization: CERT(sm) Coordination Center - +1 412-268-7090
Reply-To: cert-advisory-request@cert.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CERT* Vendor-Initiated Bulletin VB-97.11
October 14, 1997

Topic: Vulnerability in "nosuid" mount option.  
Source: NEC Corporation 

To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from NEC
Corporation. NEC urges you to act on this information as soon as possible. NEC
contact information is included in the forwarded text below; please contact
them if you have any questions or need further information.


=======================FORWARDED TEXT STARTS HERE============================
______________________________________________________________________________
                        NEC Corporation Security Bulletin

Title:          Vulnerability in "nosuid" mount option
Affects:        EWS-UX/V(Rel4.2) R7.x - R10.x
                EWS-UX/V(Rel4.2MP) R10.x
                UP-UX/V(Rel4.2MP) R5.x - R7.x
                UX/4800 R11.x - 12.1
Document ID:    SB-19971010-01
Date Issued:    October 10, 1997
______________________________________________________________________________

1. Description

    NEC Corporation has identified and corrected a problem with the
    "nosuid" mount(1) option.  The "nosuid" mount(1) option nullifies
    the effect of setuid and setgid bits for files on a particular file
    system.  This problem manifests itself by allowing setuid and setgid
    program execution on file systems mounted with "nosuid".

    The following NEC/UNIX platforms are affected:

        EWS-UX/V(Rel4.2) R7.x - R10.x
        EWS-UX/V(Rel4.2MP) R10.x
        UP-UX/V(Rel4.2MP) R5.x - R7.x
        UX/4800 R11.x - 12.1

    NEC strongly recommends that administrators of affected systems
    follow the instructions in section 3 of this bulletin.

2. Impact

    By exploiting this vulnerability, local users can invoke commands 
    as other users and possibly achieve root privileges to execute
    arbitrary commands.

3. Workarounds/Solution

    The patches listed below change the way execution privileges are
    calculated so that setuid and setgid bits are correctly ignored on
    file systems mounted with the "nosuid" option.

    Patches for platforms not listed in Section 3.2 are still in progress.
    For these systems, we recommend either unmounting file systems mounted
    "nosuid" or applying the workaround as described in Section 3.1 until
    patches are made available.

3.1. Remove setuid/setgid permission (workaround)

    To prevent possible exploitation of this vulnerability, until a patch
    is made available for your platform, we recommend the following steps:

    1) Make a local copy of each remote file system mounted with the
       "nosuid" option.

        # find <mountpoint> -depth -print | cpio -pdm <localcopy>

    2) Unmount the remote file system and replace it with the local copy.

        # umount <mountpoint>
        # mount <localdev> <mountpoint>

    3) Run the find(1) command below to remove all setuid and setgid bits
       on files in the local copy of the remote hierarchy.

        # find <mountpoint> -print -exec chmod ug-s {} \;

3.2. Install a patch

    This vulnerability is corrected by the following patches:

        OS version                      Patch ID
        ----------                      --------
        EWS-UX/V(Rel4.2) R7.x           NECe70093
        EWS-UX/V(Rel4.2) R8.x           NECe80121
        EWS-UX/V(Rel4.2) R9.x           NECe90281, NECe90282(for 110N)
        EWS-UX/V(Rel4.2) R10.x          NECea0168
        EWS-UX/V(Rel4.2MP) R10.x        NECma0378
        UP-UX/V(Rel4.2MP) R5.x          NECu50078
        UP-UX/V(Rel4.2MP) R6.x          NECu60217
        UP-UX/V(Rel4.2MP) R7.x          NECu70541
        UX/4800 R11.x                   NECmb0668
        UX/4800 R12.x                   NECmc0054

    See section 4 of this bulletin for checksum information.

    These patches are available from:
        ftp://ftp.meshnet.or.jp/pub/48pub/security

    For a directory tree map, consult the README file.

    For further information, please contact by e-mail:
        UX48-security-support@nec.co.jp

4. Checksum and additional information for patches.

    Patch ID: NECe70093

        Patch          : NECe70093.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 17018 22
        md5            : 56CE37185FD7D5BCB6D28F6BD8DEFFBB

        Patch          : NECe70093.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 16078 22
        md5            : 251A0B2239B415A6F9324F68C99F8B14

        Patch          : NECe70093.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
        sum            : 18075 22
        md5            : 54A7DA54894E470CC8F4C879E6283AD0

        Patch          : NECe70093.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 892 21
        md5            : BCBB5A319A0AB471ECB8EE5F154ECDCE

    Patch ID: NECe80121

        Patch          : NECe80121.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 35542 21
        md5            : 6D33DCE306B41996CB671EB9DB3DADD3

        Patch          : NECe80121.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 19176 21
        md5            : 32F955A3DEA4B76D552ACE5C3125AA9B

        Patch          : NECe80121.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
        sum            : 6993 21
        md5            : 9425197116B75C919B10DF0F2A948A78

        Patch          : NECe80121.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 4723 21
        md5            : 5A86DA101711317C1DA87541155229CC

    Patch ID: NECe90281

        Patch          : NECe90281.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 1426 20
        md5            : 1BE96184A9C6645899DD6CFFC1C5E00D

        Patch          : NECe90281.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 4671 20
        md5            : CA002CF9C4B86880D044F320B80D9800

        Patch          : NECe90281.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII
        sum            : 49879 20
        md5            : 2045FF5FC608600DBE87D8C2AF08F7AA

        Patch          : NECe90281.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 53666 20
        md5            : D0722E3257CEADFA8E3B60D68EAA9C8C

    Patch ID: NECe90282

        Patch          : NECe90282.110N.pkg.Z
        Target Hardware: 110N
        sum            : 49054 20
        md5            : A244594291D8A8E398105EF1786B5A2A

    Patch ID: NECma0378

        Patch          : NECma0378.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII,320VX,360SX
        sum            : 62412 25
        md5            : 0ABDB0D337474622A178B5A90010DF1F

        Patch          : NECma0378.360MP.pkg.Z
        Target Hardware: 360MP
        sum            : 23244 25
        md5            : 682AA6A8BC97E91DBC14253F8E9C6FFC

    Patch ID: NECea0168
        Patch          : NECea0168.110N.pkg.Z
        Target Hardware: 110N,310EC
        sum            : 13328 21
        md5            : 21D6648E69158622AECAD8A1F1538511

    Patch ID: NECmb0668

        Patch          : NECmb0668.110N.pkg.Z
        Target Hardware: 110N,310EC,310LX,310ECII,110NII
        sum            : 61039 24
        md5            : 066DBA2EBAAB87B10D3C55C4161232F1

        Patch          : NECmb0668.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 43893 24
        md5            : D6A0A08C2008F11BF1D11D670910893F

        Patch          : NECmb0668.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 47818 24
        md5            : A93FA1EE90055120892BF96FED4071C9

        Patch          : NECmb0668.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII,320VX,360SX
        sum            : 63097 24
        md5            : FBEEC273976D44E8593791CBC3006E94

        Patch          : NECmb0668.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 46118 24
        md5            : 14AFB2F7CBE0FECE66C43E15D53A6959

        Patch          : NECmb0668.360MP.pkg.Z
        Target Hardware: 360MP
        sum            : 34423 24
        md5            : 04FFC169C0056C2E0E991C5593EC13EB

        Patch          : NECmb0668.FM.pkg.Z
        Target Hardware: 760,660R
        sum            : 34722 24
        md5            : 0E875E8E6677223C19EF92FFD8AAA17B

        Patch          : NECmb0668.ML.pkg.Z
        Target Hardware: 610
        sum            : 31695 24
        md5            : 43F48AE10F46DD5675F54C4171979B93

        Patch          : NECmb0668.RH.pkg.Z
        Target Hardware: 660,680,690,670,675
                         675AD
        sum            : 42993 24
        md5            : 84FCEF5034A0E5A430367A6F4F813839

        Patch          : NECmb0668.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 26945 24
        md5            : 5CC49D44154183D39DD18C51BA6D8BD9

        Patch          : NECmb0668.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 2916 24
        md5            : 0C88DA08FF160A1B132538E8A46E9E4B

        Patch          : NECmb0668.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 63205 24
        md5            : 47D10396FC39C0FB7FE617D0B180DF08

        Patch          : NECmb0668.TH2.pkg.Z
        Target Hardware: 310PX,320PX,330PX
        sum            : 56681 24
        md5            : 12BC633B68667D8EC08E56B95CD1EC5B

        Patch          : NECmb0668.UD2.pkg.Z
        Target Hardware: 360PX,360PXII
        sum            : 26095 24
        md5            : 53251D6148665B16ADF3DF224485BA96

    Patch ID: NECmc0054

        Patch          : NECmc0054.110N.pkg.Z
        Target Hardware: 110N,310EC,310LX,310ECII,110NII
        sum            : 38080 23
        md5            : B27726AA05A082079E951F00222D6E7D

        Patch          : NECmc0054.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 39082 23
        md5            : 590586BE5E847BD34780D2A68A908495

        Patch          : NECmc0054.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 37616 23
        md5            : CA9AD4DB7476E6753C7E06F5835AC61B

        Patch          : NECmc0054.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII,320VX,360SX
        sum            : 42500 23
        md5            : 31F228CA399A16DCEC4C7641D63D2E54

        Patch          : NECmc0054.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 47172 23
        md5            : 711FBF6BD131FFA6FB1AC2E82BDB863D

        Patch          : NECmc0054.360MP.pkg.Z
        Target Hardware: 360MP
        sum            : 32933 23
        md5            : 20C52796D74B8FE1CD7FEC7CEA116708

        Patch          : NECmc0054.EH3.pkg.Z
        Target Hardware: 410,420
        sum            : 33478 23
        md5            : 5DE177B5E0BA6517192A6CB6DB53E4E8

        Patch          : NECmc0054.EL.pkg.Z
        Target Hardware: 710
        sum            : 2088 23
        md5            : 35908F4C918DA2D164D8C9B27A71061A

        Patch          : NECmc0054.FL.pkg.Z
        Target Hardware: 740
        sum            : 31787 23
        md5            : A4DD978D309F37DA72151247770ECC0D

        Patch          : NECmc0054.FM.pkg.Z
        Target Hardware: 760,660R,760R
        sum            : 31135 23
        md5            : F5FC7DBA2CFAD595FE72B520268BA02B

        Patch          : NECmc0054.ML.pkg.Z
        Target Hardware: 610
        sum            : 18801 23
        md5            : AD5954BF0E57B1593B12BAEB5A0C7151

        Patch          : NECmc0054.RH.pkg.Z
        Target Hardware: 660,680,690,670,675
                         675AD,770
        sum            : 18516 23
        md5            : A84E91CE094441E55BC967F0A33129E5

        Patch          : NECmc0054.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 27899 23
        md5            : 5B47CABA685D0C428869CC300BB1E8DE

        Patch          : NECmc0054.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 48090 23
        md5            : 5AD2B54F85BF83EE934D10BA8ABA3637

        Patch          : NECmc0054.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 49278 23
        md5            : 3EEEAB2D6B42B8EF58291F07F7986E0E

        Patch          : NECmc0054.TH2.pkg.Z
        Target Hardware: 310PX,320PX,330PX
        sum            : 36503 23
        md5            : 7F937DFCAC8A09E39CDFA3DB757C7529

        Patch          : NECmc0054.UD2.pkg.Z
        Target Hardware: 360PX,360PXII
        sum            : 34087 23
        md5            : 7BD3E3E1C0C44AC0FF96071F0D7E3B04

        Patch          : NECmc0054.UD3.pkg.Z
        Target Hardware: 460
        sum            : 21713 23
        md5            : 02850DACF247867594A999A9CF32E5C3

    Patch ID: NECu50078
        
        Patch          : NECu50078.RH.pkg.Z
        Target Hardware: 660,680
        sum            : 24590 23
        md5            : A0CB7CE51889544BA00BA8600CA64068

    Patch ID: NECu60217

        Patch          : NECu60217.RH.pkg.Z
        Target Hardware: 660,680,690
        sum            : 12320 23
        md5            : B2853692FDB387C7A132BF5AE5047B33

        Patch          : NECu60217.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 18714 23
        md5            : EB2AD3AD7F0AC59E0750491D19446115

        Patch          : NECu60217.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 40312 24
        md5            : 3EFBE0C6873017ABFA7D2632BB7F686D

        Patch          : NECu60217.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 21912 24
        md5            : 6B5B2936D081D849DEBC649595F917DD

    Patch ID: NECu70541

        Patch          : NECu70541.ML.pkg.Z
        Target Hardware: 610
        sum            : 43559 25
        md5            : E009D5CC456DDB3E5347038A584C724C

        Patch          : NECu70541.RH.pkg.Z
        Target Hardware: 660,680,690
        sum            : 47473 25
        md5            : 26A98C96AF71341961CC57CC5E55EB27

        Patch          : NECu70541.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 36458 25
        md5            : EAD7B3F4A48E97E4BCBAE83B298EE265

        Patch          : NECu70541.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 56520 25
        md5            : 593BD721536ABC1BC0694D757DD4387B

        Patch          : NECu70541.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 5840 25
        md5            : 5D9AA821BE9D01AF39512E448E3F520E

============================================================================

========================FORWARDED TEXT ENDS HERE=============================

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST). See http://www.first.org/team-info/.  

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact 
the CERT staff for more information.

Location of CERT PGP key
         ftp://ftp.cert.org/pub/CERT_PGP.key


CERT Contact Information
- ------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other
security-related information are available from
        http://www.cert.org/
        ftp://ftp.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org
In the subject line, type 
        SUBSCRIBE  your-email-address 



* Registered U.S. Patent and Trademark Office.

The CERT Coordination Center is part of the Software Engineering
Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.


This file: ftp://ftp.cert.org/pub/cert_bulletins/VB-97.11.nec



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNEKGrnVP+x0t4w7BAQEP4QQA2if0MNau8AvBwPPvy3lXnktztA2SNPSe
cDfu+Gb+xa1Wu79H4oX46G5UejW89nhoVVHPymMnulxQWpfCYmC/3f0PCCv5F5NY
RSStHuubAtvNEED19JsNKlw2vx5nbKHnVHdRF2/w9FsvML7dtCPwNDfLZ8CI/D5M
hViGxfndygw=
=Hv66
-----END PGP SIGNATURE-----



Previous message sorted by date: CERT Vendor-Initiated Bulletin VB-97.09 - Cisco CHAP Vuls
Next message sorted by date: CERT Vendor-Initiated Bulletin VB-97.12 - opengroup
Previous message sorted by thread: CERT Vendor-Initiated Bulletin VB-97.09 - Cisco CHAP Vuls
Next message by thread: CERT Vendor-Initiated Bulletin VB-97.12 - opengroup
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Feb 2000