Original issue date: August 22, 1991<BR>
Last revised: September 18, 1997<BR>
Attached copyright statement
<P>A complete revision history is at the end of this file.
<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a vulnerability in the configuration of several system files. This advisory discusses a workaround since there are no permanent patches available at this time.
<P>This vulnerability is present in a very large number of UNIX-based operating systems. Therefore, we recommend that ALL sites take the corrective actions listed below.
<P><HR>
<H2>I. Description</H2>
The presence of a '-' as the first character in /etc/hosts.equiv, /etc/hosts.lpd and .rhosts files may allow unauthorized access to the system.
<H2>II. Impact</H2>
Remote users can gain unauthorized root access to the system.
<H2>III. Solution</H2>
Rearrange the order of entries in the hosts.equiv, hosts.lpd, and .rhosts files so that the first line does not contain a leading '-' character.
<P>Remove hosts.equiv, hosts.lpd, and .rhosts files containing only entries beginning with a '-' character.
<P>.rhosts files in ALL accounts, including root, bin, sys, news, etc., should be examined and modified as required. .rhosts files that are not needed should be removed.
<P>Please note that the CERT/CC strongly cautions sites about the use of hosts.equiv and .rhosts files. We suggest that they NOT be used unless absolutely necessary.
<P><HR>
<P>The CERT/CC wishes to thank Alan Marcum, NeXT Computer, for bringing this security vulnerability to our attention. We would also like to thank CIAC for their assistance in testing this vulnerability.
<P><HR>
<P>Copyright 1991 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
September 18, 1997  Attached Copyright Statement
</PRE>
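<P>As an added check (not part of the advisory itself) for the conditions in sections I and III, the following POSIX shell script flags trusted-host files whose first entry begins with '-' and files that contain only such entries. It assumes /home as the home-directory root and uses the common but non-POSIX find -maxdepth option.

```shell
#!/bin/sh
# Added example (not from the CERT/CC advisory): audit trusted-host files
# for the conditions described above.  Return codes of check_trust_file:
#   0  no problem (or the file has no entries)
#   1  first entry begins with '-'   -> reorder the entries (section III)
#   2  every entry begins with '-'   -> remove the file (section III)
#   3  file not readable

check_trust_file() {
    f="$1"
    [ -r "$f" ] || return 3
    first="" total=0 dashed=0
    # read each entry; the "|| [ -n ... ]" also handles a missing final newline
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue            # ignore blank lines
        total=$((total + 1))
        [ -z "$first" ] && first="$line"      # remember the first real entry
        case "$line" in
            -*) dashed=$((dashed + 1)) ;;     # count entries with a leading '-'
        esac
    done < "$f"
    [ "$total" -eq 0 ] && return 0
    [ "$total" -eq "$dashed" ] && return 2    # nothing but '-' entries
    case "$first" in
        -*) return 1 ;;                       # first entry has a leading '-'
    esac
    return 0
}

# Walk the system-wide files, root's .rhosts and every .rhosts under /home
# (/home is an assumption; adjust for your system).
audit_trust_files() {
    for f in /etc/hosts.equiv /etc/hosts.lpd /.rhosts \
             $(find /home -maxdepth 2 -name .rhosts 2>/dev/null); do
        [ -e "$f" ] || continue
        rc=0
        check_trust_file "$f" || rc=$?
        case "$rc" in
            1) echo "WARNING: $f: first entry begins with '-'; reorder entries" ;;
            2) echo "WARNING: $f: only '-' entries; remove the file" ;;
            3) echo "NOTE: $f: not readable" ;;
        esac
    done
}
```

Source the file and call audit_trust_files for a system-wide report, or call check_trust_file on a single file and act on its return code.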