Original issue date: April 10, 1992<BR> Last revised: September 19, 1997<BR> Attached copyright statement <P>A complete revision history is at the end of this file. <P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a method of unauthorized root access in the lp software in Silicon Graphics Computer Systems (SGI) IRIX operating systems. This vulnerability is present in all current versions of IRIX. <P>Silicon Graphics Computer Systems and the CERT/CC strongly recommend that sites take immediate action to eliminate this vulnerability from their systems. <P>This vulnerability will be fixed in IRIX 4.0.5 and is NOT present in any version of the Trusted IRIX/B product. <P><HR> <H2>I. Description</H2> When IRIX pre-4.0.5 systems are installed or updated using either the basic system software ("eoe1.sw.unix") or the system manager software ("eoe2.sw.vadmin") media, a vulnerability is introduced in the lp software. <H2>II. Impact</H2> Any user logged into the system can gain root access. <H2>III. Solution</H2> As root, execute the following commands: <PRE> # cd /usr/lib # chmod a-s,go-w lpshut lpmove accept reject lpadmin # chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks # cd /usr/bin # chmod a-s,go-w disable enable # chmod go-ws cancel lp lpstat </PRE> If the eoe2.sw.vadmin software is not installed, you may ignore any warning messages from chmod such as: <P>"chmod: WARNING: can't access vadmin/serial_ports" <P>If system software should ever be reinstalled from pre-4.0.5 media or restored from a backup tape created before the patch was applied, repeat the above procedure before enabling logins by normal users. <P><HR> <P>The CERT/CC would like to thank Silicon Graphics Computer Systems for bringing this security vulnerability to our attention and for their quick response to this problem. <!--#include virtual="/include/footer_nocopyright.html" --> <P>Copyright 1992 Carnegie Mellon University.</P> <HR> Revision History <PRE> September 19,1997 Attached copyright statement </PRE> |