View Source

Original issue date: February 25, 1992<BR>
Last revised: September 19, 1997<BR>
Attached copyright statement

<P>A complete revision history is at the end of this file.

<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability in AT&amp;T TCP/IP Release
4.0 running on SVR4 systems for both the 386/486 and 3B2 RISC platforms.

<P>The existing error, in the remote execution server /usr/etc/rexecd, has
been corrected, and a new executable for rexecd is available from AT&amp;T
by calling 800-543-9935.  Patches may be obtained outside the U.S. by
calling your local technical support.  The numbers associated with the 
fix are 5127 (3.5&quot; media) and 5128 (5.25&quot; media).

<P>The problem does not exist in TCP/IP release 3.2 for SVR3, or any earlier
versions of the TCP/IP product running on either the 3B2 or 386 platforms.

<P>The version of TCP/IP distributed with SVR4 by UNIX(r) System Laboratories,
Inc. (a subsidiary of AT&amp;T) does not contain this vulnerability.

<P>UNIX(r) is a registered trademark of UNIX System Laboratories, Inc.

<P><HR>
<H2>I. Description</H2>

    
A vulnerability has been identified where root privileges may be
accessed through the use of /usr/etc/rexecd.

<H2>II. Impact</H2>


A user on a remote machine may be able to run commands as root on
the target host (the host running the affected /usr/etc/rexecd).

<H2>III. Solution </H2>


<OL>
<LI>Administrators of affected systems should execute, as root, the 

following command to immediately turn off access to rexecd until
the new binary can be obtained.
<PRE>
# chmod 400 /usr/etc/rexecd
</PRE>
<LI>Obtain and install the new patch.  The fix will be supplied as

one diskette, and it comes with one page of instructions documenting
the procedure to replace the existing /usr/etc/rexecd binary.
</OL>
<HR>

<P>The CERT/CC wishes to thank Bradley E. Smith, Network &amp; Technical Services,
Bradley University, for bringing this vulnerability to our attention and for
providing a corresponding solution.  We would also like to thank AT&amp;T for
their very quick response to this problem.

<P><HR>

<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1992 Carnegie Mellon University.</P>

<HR>

Revision History
<PRE>
September 19,1997  Attached Copyright Statement
</PRE>