Original issue date: May 20, 1991<BR>
Last revised: September 18, 1997<BR>
Attached copyright statement

<P>A complete revision history is at the end of this file.

<P>The Computer Emergency Response Team/Coordination Center (CERT/CC)
has received the following information from Sun Microsystems,
Inc. (Sun).  Sun has given the CERT/CC permission to distribute their
Security Bulletin. It contains information regarding a fix for a
vulnerability in SunOS 4.0.3, SunOS 4.1 and SunOS 4.1.1.

<P>The following Sun Microsystems Security Bulletin only applies to
systems that have installed the Sun Source tapes.

<P>For more information, please contact Sun Microsystems at
1-800-USA-4SUN.

<P><HR>
<H2>SUN MICROSYSTEMS SECURITY BULLETIN: #00107</H2>

<P>This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

<P>Sun expressly disclaims all liability for any misuse of this
information by any third party.

<P><HR>

<H3>Sun Bug ID  : 1059621<BR>
Synopsis    : security hole created by installing sunsrc<BR>
Sun Patch ID: Not applicable; see fix below.</H3>

This applies to sites that have installed Sun Source tapes only.

<P>The Sun distribution of sources (sunsrc) has an installation
procedure which creates the directory /usr/release/bin and installs
two setuid root files in it: makeinstall and winstall.  These are both
binary files which exec other programs: "make -k install"
(makeinstall) or "install" (winstall).

<P>This makes it possible for users on that system to become root.

<P>
<H3>The solution:</H3>
  <PRE>      chmod ug-s /usr/release/bin/{makeinstall,winstall}</PRE>
        (if the sources have already been installed)

<P>and/or

<P>edit the makefile in sunsrc/release and change the SETUID definition
(if the sources have been extracted from tape but not installed yet)

<P>Special thanks to CERT and Tel-Aviv University for reporting this
problem.

<P ALIGN=RIGHT>
    Brad Powell<BR>
    Sun Microsystems<BR>
Software Security Coordinator.
</P>

<P>
<HR>

<P>The CERT/CC would like to thank Sun Microsystems, Inc. for their
response to this vulnerability.  We would also like to thank Ariel
Cohen from Tel-Aviv University, School of Mathematical Sciences for
reporting the problem.
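
<P>An added example, not part of the Sun bulletin or the CERT advisory: a POSIX shell check that reports whether either sunsrc helper still carries the setuid or setgid bit, applies the bulletin's chmod ug-s fix, and re-audits to confirm. The function names and the RELEASE_BIN override are assumptions made for this example; the directory and file names are the ones given in the bulletin.

```sh
#!/bin/sh
# Added example: audit and remediate the two sunsrc helper binaries.
# Assumptions: hypothetical function names; RELEASE_BIN defaults to the
# directory named in the bulletin and can be overridden for testing.

RELEASE_BIN=${RELEASE_BIN:-/usr/release/bin}
SUNSRC_HELPERS="makeinstall winstall"

# Print the path of each helper that still has the setuid or setgid bit.
# Returns 0 when neither helper is flagged, 1 when at least one is.
audit_sunsrc_setid() {
    dir=${1:-$RELEASE_BIN}
    found=0
    for name in $SUNSRC_HELPERS; do
        f="$dir/$name"
        [ -f "$f" ] || continue          # helper not installed here
        # test -u: setuid bit is set; test -g: setgid bit is set
        if [ -u "$f" ] || [ -g "$f" ]; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# Apply the bulletin's fix (chmod ug-s) to each installed helper, then
# re-audit so the caller sees a non-zero status if any bit survived.
fix_sunsrc_setid() {
    dir=${1:-$RELEASE_BIN}
    for name in $SUNSRC_HELPERS; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        chmod ug-s "$f" || return 2      # not permitted: run as root
    done
    audit_sunsrc_setid "$dir"
}

# Typical use, as root on an affected system:
#   audit_sunsrc_setid || fix_sunsrc_setid
```

A site that has not installed the source tapes has neither file, so the audit prints nothing and returns 0.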

<P><HR>

<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1991 Carnegie Mellon University.</P>

<HR>

Revision History
<PRE>
September 18, 1997  Attached Copyright Statement
</PRE>