Original issue date: February 14, 1994<BR> Last revised: September 19, 1997<BR> Attached copyright statement <P>A complete revision history is at the end of this file. <BR> <BLOCKQUOTE> <H4>THIS IS A REVISED CERT ADVISORY<BR> IT CONTAINS NEW VULNERABILITY AND PATCH INFORMATION<BR> SUPERSEDES CERT ADVISORY CA-91.09 and CA-92.12 </H4></BLOCKQUOTE> <P>The CERT Coordination Center has received information concerning a vulnerability in /usr/etc/rpc.mountd in Sun Microsystems, Inc. SunOS 4.1.1, 4.1.2, 4.1.3, and 4.1.3c. SunOS 4.1.3.u.1, Solaris 2.x, and Solbourne's 4.1B and 4.1C are not vulnerable. <P>Sun has produced a patch for this vulnerability for sun3 and sun4 architectures. It is available through your local Sun Answer Center as well as through anonymous FTP from the ftp.uu.net system in the /systems/sun/sun-dist directory or from the ftp.eu.net system in the /sun/fixes directory. <P>This vulnerability is currently being exploited. Please review <A HREF="http://www.cert.org/advisories/CA-94.01.ongoing.network.monitoring.attacks.html">CERT Advisory CA-94.01 Ongoing Network Monitoring Attacks</A>. <P><HR> <H2>I. Description</H2> If an access list of hosts within /etc/exports is a string over 256 characters or if the cached list of netgroups exceeds the cache capacity then the file system can be mounted by anyone. <H2>II. Impact</H2> Unauthorized remote hosts will be able to mount the file system. This will allow unauthorized users read and write access to files on mounted file systems. <H2>III. Solution</H2> Obtain and install the appropriate patch following the instructions included with the patch. <P>Patches are available from <P> <A HREF=ftp://ftp.uu.net/systems/sun/sun-dist/patches/>ftp://ftp.uu.net/systems/sun/sun-dist/patches/</A> <P> <A HREF=ftp://ftp.eu.net/sun/fixes/>ftp://ftp.eu.net/sun/fixes/</A> <P>There is a README file and directory layout to help identify which binaries are appropriate for which architectures. <PRE> Patch-ID Filename BSD MD5 Checksum Checksum 100296-04 100296-04.tar.Z 15271 40 4e1354ecb7fb9c7e962d7020f31f07bf </PRE> <!--#include virtual="/include/footer_nocopyright.html" --> <P>Copyright 1994, 1995, 1996 Carnegie Mellon University.</P> <HR> Revision History <PRE> Sept. 19,1997 Attached copyright statement Aug. 30, 1996 Information previously in the README was inserted into the advisory. Updated URL format. June 09, 1995 Solution - recommended source to use for patches if the checksums didn't match Apr. 20, 1994 Solution - noted that Sun ensured that the same versions of patches were available at all locations and provided files to help determine which architectures require the patch. </PRE> |