<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> /* *\ / * * \ / * * \ / * * \ / * System Vulnerabilities * \ | * * | | * * | | * * | | * Another Modernz Presentation * | | * * | \ * by * / \ * Multiphage * / \ * * / \ * written on 12-15-92 * / \ * */ ******************************************************************************* <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> ******************************************************************************* The Modernz can be contacted at: MATRIX BBS WOK-NOW! World of Kaos NOW! World of Knowledge NOW! St. Dismis Institute - Sysops: Wintermute Digital-demon (908) 905-6691 (908) WOK-NOW! (908) 458-xxxx 1200/2400/4800/9600 14400/19200/38400 Home of Modernz Text Philez <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< <*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> TANSTAAFL Pheonix Modernz The Church of Rodney - Sysop: Tal Meta (908) 830-TANJ (908) 830-8265 Home of TANJ Text Philez <*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*> CyberChat Sysop: Hegz (908)506-6651 (908)506-7637 300/1200/2400/4800/9600 14400/19200/38400 Modernz Site TLS HQ <><><><><><><><><><><><><><<><<><><><><><><><><><><><><><><><><><><><><><><><>< The Last Outpost PowerBBS Support Board UASI ALPHA Division NorthWestern PA UASI site! (412) 662-0769 300/1200/2400 24 hours! SysOp: The Almighty Kilroy <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< BlitzKreig BBS Home of TAP (502)499-8933 <*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*> =========================================================================== Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability --------------------------------------------------------------------------- Information concerning the availability of a revised security patch for /usr/etc/rpc.mountd in Sun Microsystems Computer Corporation operating systems. Sun has provided patches for SunOS 4.1, SunOS 4.1_PSR_A, SunOS 4.1.1, and SunOS 4.1.2. These patches are available through your local Sun Answer Center as well as through anonymous ftp from ftp.uu.net (137.39.1.9) in the /systems/sun/sun-dist directory. Patch ID and file information are as follows: Fix Patch ID Filename Checksum /usr/etc/rpc.mountd 100296-02 100296-02.tar.Z 30606 23 --------------------------------------------------------------------------- I. Description Under certain conditions an exported NFS filesystem can be mounted by any system on the Internet even though it may appear that access to the filesystem is restricted to specific hosts. II. Impact Unauthorized remote hosts will be able to mount the exported filesystem. III. Solution As root: 1. Move the existing rpc.mountd aside and change the permissions. # mv /usr/etc/rpc.mountd /usr/etc/rpc.mountd.OLD # chmod 400 /usr/etc/rpc.mountd.OLD 2. Install the new version # cp `arch`/rpc.mountd /usr/etc # chown root.staff /usr/etc/rpc.mountd # chmod 755 /usr/etc/rpc.mountd 3. Kill the currently running rpc.mountd and restart it, or reboot the system. In either case, systems with filesystems mounted from this host will have interruptions in service. --------------------------------------------------------------------------- =========================================================================== SunOS NIS Vulnerability --------------------------------------------------------------------------- Information concerning several vulnerabilities with NIS under Sun Microsystems, Inc. SunOS. These vulnerabilities exist in NIS under SunOS 4.1, 4.1.1, and 4.1.2, and may or may not exist in earlier versions of NIS. Sun has provided fixes for SunOS 4.1, 4.1.1, and 4.1.2 for these vulnerabilities. The patch file containing these fixes is available through your local Sun Answer Center and through anonymous ftp from ftp.uu.net (137.39.1.9) in the /systems/sun/sun-dist directory. Note that these fixes will probably not be compatible with SunOS 4.0.3 and earlier versions of the operating system. Fix PatchID Filename Checksum /usr/etc/{ypserv,ypxfrd,portmap} 100482-2 100482-02.tar.Z 53416 284 Please note that Sun will occasionally update patch files. If you find that the checksum is different, please contact Sun or the CERT/CC for verification. --------------------------------------------------------------------------- I. Description A security vulnerability exists under NIS allowing unauthorized access to NIS information. II. Impact A user on a remote host can obtain copies of the NIS maps from a system running NIS. The remote user can attempt to guess passwords for the system using the obtained NIS password map information. III. Solution A. Obtain and install the patch from Sun or from ftp.uu.net following the instructions provided in the "README" file. 1. As root, rename the existing versions of /usr/etc/{ypserv,ypxfrd,portmap} and modify the permissions to prevent misuse. # mv /usr/etc/ypserv /usr/etc/ypserv.orig # mv /usr/etc/ypxfrd /usr/etc/ypxfrd.orig # mv /usr/etc/portmap /usr/etc/portmap.orig # chmod 0400 /usr/etc/ypserv.orig # chmod 0400 /usr/etc/ypxfrd.orig # chmod 0400 /usr/etc/portmap.orig 2. Copy the new binaries into the /usr/etc directory. # cp `arch`/{4.1, 4.1.1, 4.1.2}/ypserv /usr/etc/ypserv # cp `arch`/{4.1, 4.1.1, 4.1.2}/ypxfrd /usr/etc/ypxfrd # cp `arch`/{4.1, 4.1.1, 4.1.2}/portmap /usr/etc/portmap # chown root /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap # chmod 755 /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap 3. Copy the securenets file to the /var/yp directory. Any site that has an existing /var/yp/securenets file should rename it prior copying the new version of the file. # cp `arch`/{4.1, 4.1.1, 4.1.2}/securenets /var/yp # chown root /var/yp/securenets # chmod 644 /var/yp/securenets 4. Edit the /var/yp/securenets file to reflect the correct configuration for your site. See the "README" file for details of the file syntax and special instructions for hosts with multiple Ethernet interfaces. The file should not contain any blank lines. 5. Reboot the system to invoke the new binaries.