[287] in Best-of-Security
BoS: Sun Security Bulletin #00148 (fwd)
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Jul 31 01:29:51 1997
From: Darren Reed <avalon@coombs.anu.edu.au>
Date: Thu, 31 Jul 1997 13:04:03 +1000 (EST)
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au
In some mail from Aleph One, sie said:
> From owner-bugtraq@NETSPACE.ORG Thu Jul 31 07:01:24 EST 1997
> Approved-By: aleph1@UNDERGROUND.ORG
> X-Received: from mercury.Sun.COM by dfw.dfw.net (4.1/SMI-4.1) id AA18292; Wed,
> 30 Jul 97 13:15:18 CDT
> X-Received: from Eng.Sun.COM ([129.146.1.25]) by mercury.Sun.COM
> (SMI-8.6/mail.byaddr) with SMTP id LAA07499; Wed, 30 Jul 1997
> 11:13:38 -0700
> X-Received: from sunsc.eng.sun.com by Eng.Sun.COM (SMI-8.6/SMI-5.3) id
> LAA08098; Wed, 30 Jul 1997 11:13:02 -0700
> X-Received: by sunsc.eng.sun.com (SMI-8.6/SMI-SVR4) id LAA09002; Wed, 30 Jul
> 1997 11:01:02 -0700
> X-Sun-Charset: US-ASCII
> Message-Id: <Pine.SUN.3.94.970730131620.3424D@dfw.dfw.net>
> Date: Wed, 30 Jul 1997 13:16:20 -0500
> Reply-To: Aleph One <aleph1@DFW.NET>
> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> Comments: Resent-From: Aleph One <aleph1@dfw.net>
> Comments: Originally-From: secure@sunsc.Eng.Sun.COM (Sun Security
> Coordination Team)
> From: Aleph One <aleph1@DFW.NET>
> Subject: Sun Security Bulletin #00148
> To: BUGTRAQ@NETSPACE.ORG
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ________________________________________________________________________________
> Sun Microsystems, Inc. Security Bulletin
>
> Bulletin Number: #00148
> Date: July 30
> Title: Vulnerability in NIS+
>
> ________________________________________________________________________________
> Permission is granted for the redistribution of this Bulletin, so long as
> the Bulletin is not edited and is attributed to Sun Microsystems. Portions
> may also be excerpted for re-use in other security advisories so long as
> proper attribution is included.
>
> Any other use of this information without the express written consent of
> Sun Microsystems is prohibited. Sun Microsystems expressly disclaims all
> liability for any misuse of this information by any third party.
> ________________________________________________________________________________
>
> 1. Bulletins Topics
>
> Sun announces the release of patches for Solaris 2.4 and 2.3 (SunOS 5.4
> and 5.3) which relate to a vulnerability in NIS+.
>
> Sun strongly recommends that you install the patches listed in section 4
> immediately on systems running SunOS 5.4 and 5.3 which use NIS+.
>
> 2. Who is Affected
>
> Vulnerable: SunOS versions 5.4, 5.4_x86, and 5.3 which use NIS+.
>
> Not Vulnerable: SunOS 4.1.3_U1, 4.1.4, 5.5, 5.5_x86, 5.5.1, 5.5.1_x86,
> and the upcoming version of Solaris.
>
> 3. Understanding the Vulnerability
>
> NIS+ is a network-wide name service that runs under Solaris. It can be
> selected as the name service in /etc/nsswitch.conf. If NIS+ is selected,
> programs with setuid root permissions will link nss_nisplus.so.1 which
> is susceptible to a buffer overflow vulnerability. This vulnerability may
> allow non-privileged users to gain root privileges.
>
> 4. List of Patches
>
> The vulnerability in NIS+ is fixed by the following patches:
>
> OS version Patch ID
> __________ ________
> SunOS 5.4 102277-03
> SunOS 5.4_x86 102278-03
> SunOS 5.3 101736-04
>
> 5. Checksum Table
>
> The checksum table below shows the BSD checksums (SunOS 5.x: /usr/ucb/sum),
> SVR4 checksums (SunOS 5.x: /usr/bin/sum), and the MD5 digital signatures
> for the above-mentioned patches that are available from:
>
> <URL:ftp://sunsolve1.sun.com/pub/patches/patches.html>
>
> These checksums may not apply if you obtain patches from your answer
> centers.
>
> File Name BSD SVR4 MD5
> _______________ ________ _________ ________________________________
> 102277-03.tar.Z 10681 76 2019 152 4585727103680C70301D2F7679C9EA6D
> 102278-03.tar.Z 52108 76 53872 151 5040EB6980280C729051927BFB5C8130
> 101736-04.tar.Z 27381 77 18741 153 0AC81583908220A4D92CF5C091D6212C
>
> ________________________________________________________________________________
> Sun is a member of FIRST, the Forum of Incident Response and Security Teams.
> For more information about FIRST, visit the FIRST web site at
> "http://www.first.org/".
> ________________________________________________________________________________
> APPENDICES
>
> A. Patches listed in this bulletin are available to all Sun customers via
> World Wide Web at:
>
> <URL:ftp://sunsolve1.sun.com/pub/patches/patches.html>
>
> Customers with Sun support contracts can also obtain patches from local
> Sun answer centers and SunSITEs worldwide.
>
> B. Sun security bulletins are available via World Wide Web at:
>
> <URL:http://sunsolve1.sun.com/sunsolve/secbulletins>
>
> C. To report or inquire about a security problem with Sun software, contact
> one or more of the following:
>
> - Your local Sun answer centers
> - Your representative computer security response team, such as CERT
> - Sun Security Coordination Team. Send email to:
>
> security-alert@sun.com
>
> D. To receive information or subscribe to our CWS (Customer Warning System)
> mailing list, send email to:
>
> security-alert@sun.com
>
> with a subject line (not body) containing one of the following commands:
>
> Command Information Returned/Action Taken
> _______ _________________________________
>
> help An explanation of how to get information
>
> key Sun Security Coordination Team's PGP key
>
> list A list of current security topics
>
> query [topic] The email is treated as an inquiry and is forwarded to
> the Security Coordination Team
>
> report [topic] The email is treated as a security report and is
> forwarded to the Security Coordinaton Team. Please
> encrypt sensitive mail using Sun Security Coordination
> Team's PGP key
>
> send topic A short status summary or bulletin. For example, to
> retrieve a Security Bulletin #00138, supply the
> following in the subject line (not body):
>
> send #138
>
> subscribe Sender is added to our mailing list. To subscribe,
> supply the following in the subject line (not body):
>
> subscribe cws your-email-address
>
> Note that your-email-address should be substituted
> by your email address.
>
> unsubscribe Sender is removed from the CWS mailing list.
> ________________________________________________________________________________
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBM996PrdzzzOFBFjJAQGM8gP+PL5Dv8FmDemi/Qw8nl3GwsfI0H4LwC/k
> RPq8fgUvekemVzJpoPe53r3KCAh3SAAQORBhWeORT+/88RRmvX3g2DXHpYZxQAMI
> y6spX8KtER3A663MeAVvlseYLLlCH0a/bnkDOgbbdef/BBRo3NFFkNK0oy/YVq4n
> IJaBiA4e81w=
> =QrX2
> -----END PGP SIGNATURE-----
>
