Child pages
  • CERT Advisory CA-1994-04 SunOS /usr/ucb/rdist Vulnerability

Pages in the Historical section of this site are provided for historical purposes, they are no longer maintained. Links may not work.

Skip to end of metadata
Go to start of metadata
Hash: SHA1

CERT Advisory CA-94:04
Original issue date:  March 17,  1994
Last revised: July 24, 1996
              SUPERSEDED BY CA-96:14

Topic:   SunOS /usr/ucb/rdist Vulnerability
                 *** SUPERSEDED BY CA-96:14 ***

The CERT Coordination Center has received information concerning a
vulnerability in /usr/ucb/rdist in Sun Microsystems, Inc. SunOS 4.1.1,
4.1.2, 4.1.3, and 4.1.3c on all sun3 and sun4 architectures.  SunOS 4.1.3_U1,
Solaris 2.x, and Solbourne's 4.1B and 4.1C are not vulnerable.

This is a Sun specific Advisory.  Please reference CERT Advisory CA-91:20
"/usr/ucb/rdist Vulnerability" for general information regarding other
vendors.  A vendor status file pub/cert_advisories/rdist-patch-status is
available via anonymous FTP from

This vulnerability is being actively exploited; please review CERT Advisory
CA-94:01 "Ongoing Network Monitoring Attacks."

Patches can be obtained from local Sun Answer Centers worldwide as well as
through anonymous FTP from in the /systems/sun/sun-dist directory.
In Europe, these patches are available from in the
/sun/fixes directory.

Information concerning specific patches is outlined below. Please note
that Sun sometimes updates patch files.  If you find that the checksum
is different, please contact Sun.

- -----------------------------------------------------------------------------

I.   Description

     A security vulnerability exists in /usr/ucb/rdist that
     can be used to gain unauthorized privileges.  Under some
     circumstances /usr/ucb/rdist can be used to create setuid
     root programs.

II.  Impact

     This vulnerability allows a local user to gain root access.

III. Solution

     A.  If rdist is not being used, change the permissions on the file.

         # chmod 700 /usr/ucb/rdist

     B.  Obtain and install the appropriate patches according to the
         instructions included with the patches.

         Module           Patch ID        Filename
         ----------       ---------       ---------------
         rdist            100383-06       100383-06.tar.Z

                BSD Checksum = 58984 121
                System V Checksum = 9125 241
                MD5 Checksum = f8f78ddab19af5efabb9bd66fc8f5c1a

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).

Internet E-mail:
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous
FTP from

Copyright 1994 Carnegie Mellon University
This material may be reproduced and distributed without permission provided
it is used for noncommercial purposes and the copyright statement is

CERT is a service mark of Carnegie Mellon University.

Revision history

July 24, 1996  Superseded by CA-96.14

Version: PGP for Personal Privacy 5.0
Charset: noconv

  • No labels