Original issue date: May 20, 1991<BR>
Last revised: September 18, 1997<BR>
Attached copyright statement
<P>A complete revision history is at the end of this file.
<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has received the following information from Sun Microsystems, Inc. (Sun). Sun has given the CERT/CC permission to distribute their Security Bulletin. It contains information regarding a fix for a vulnerability in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1.
<P>The following Sun Microsystems Security Bulletin only applies to systems that have installed the Sun Source tapes.
<P>For more information, please contact Sun Microsystems at 1-800-USA-4SUN.
<P><HR>
<H2>SUN MICROSYSTEMS SECURITY BULLETIN: #00107</H2>
<P>This information is only to be used for the purpose of alerting customers to problems. Any other use or re-broadcast of this information without the express written consent of Sun Microsystems shall be prohibited.
<P>Sun expressly disclaims all liability for any misuse of this information by any third party.
<P><HR>
<H3>Sun Bug ID : 1059621<BR>
Synopsis : security hole created by installing sunsrc<BR>
Sun Patch ID: Not applicable; see fix below.</H3>
This applies to sites that have installed Sun Source tapes only.
<P>The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall).
<P>This makes it possible for users on that system to become root.
<P>
<H3>The solution:</H3>
<PRE>
chmod ug-s /usr/release/bin/{makeinstall,winstall}
</PRE>
(if the sources have already been installed)
<P>and/or
<P>edit the makefile in sunsrc/release and change the SETUID definition (if the sources have been extracted from tape but not installed yet)
<P>Special thanks to CERT and Tel-Aviv University for reporting this problem.
<P ALIGN=RIGHT>
Brad Powell<BR>
Sun Microsystems<BR>
Software Security Coordinator.
</P>
<P>
<HR>
<P>The CERT/CC would like to thank Sun Microsystems, Inc. for their response to this vulnerability. We would also like to thank Ariel Cohen from Tel-Aviv University, School of Mathematical Sciences for reporting the problem.
<P><HR>
<P>Copyright 1991 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
September 18, 1997  Attached Copyright Statement
</PRE>
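<P>The following shell functions are an added example, not part of the Sun bulletin or the CERT advisory: they check the two files named in the bulletin for setuid/setgid bits, apply the bulletin's <CODE>chmod ug-s</CODE> fix, and confirm the bits are gone. The function names and the <CODE>RELEASE_BIN</CODE> override are assumptions made for illustration.</P>

```shell
#!/bin/sh
# Added example (not from the bulletin): audit and fix the sunsrc helpers.
# RELEASE_BIN and both function names are illustrative assumptions; the
# default directory and the two file names are the ones the bulletin gives.

RELEASE_BIN="${RELEASE_BIN:-/usr/release/bin}"

# Print the name of each helper that still carries a setuid or setgid bit.
# Returns 0 if at least one helper is flagged, 1 if none are.
audit_sunsrc_helpers() {
    dir="${1:-$RELEASE_BIN}"
    found=1
    for name in makeinstall winstall; do
        f="$dir/$name"
        # A site that never installed sunsrc has no such file: skip it.
        [ -f "$f" ] || continue
        if [ -u "$f" ] || [ -g "$f" ]; then
            echo "$name"
            found=0
        fi
    done
    return $found
}

# Apply the bulletin's fix (chmod ug-s) to each flagged helper, then
# re-run the audit. Returns 0 only when nothing remains setuid/setgid.
fix_sunsrc_helpers() {
    dir="${1:-$RELEASE_BIN}"
    for name in $(audit_sunsrc_helpers "$dir"); do
        chmod ug-s "$dir/$name" || return 1
    done
    if audit_sunsrc_helpers "$dir" >/dev/null; then
        return 1
    fi
    return 0
}
```

<P>Run <CODE>audit_sunsrc_helpers</CODE> first to see what would change, then <CODE>fix_sunsrc_helpers</CODE> as root; a nonzero status from the second call means a bit could not be cleared.</P>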