Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!usc!ucsd!dog.ee.lbl.gov!ucbvax!CERT.SEI.CMU.EDU!cert-advisory-request
From: cert-advisory-request@CERT.SEI.CMU.EDU (CERT Advisory)
Newsgroups: comp.security.announce
Subject: CERT Advisory - SunOS in.telnetd Vulnerability
Message-ID: <9103261832.AA11823@tictac.cert.sei.cmu.edu>
Date: 26 Mar 91 18:30:18 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: inet
Organization: The Computer Emergency Response Team
Lines: 65
Approved: cert@cert.sei.cmu.edu

CA-91:02                        CERT Advisory
                               March 26, 1991
                       SunOS in.telnetd Vulnerability
-------------------------------------------------------------------------

DESCRIPTION:

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
obtained information regarding a vulnerability which affects SunOS 4.1
and 4.1.1 versions of in.telnetd on all Sun 3 and Sun 4 architectures.
The vulnerability has been fixed by Sun Microsystems, Inc.

IMPACT:

The vulnerability allows a user on the system to gain unauthorized
access to other accounts, including root.

SOLUTION:

Sun Microsystems, Inc. has patched versions of in.telnetd available for
SunOS 4.1 and 4.1.1 on all Sun 3 and Sun 4 architectures. The Sun Bug
IDs which are fixed by this patch are: 1054669 1050269 1049886 1042370
1040722 1033809. The Sun Patch ID (which you will need to order the
patch from a Sun Answer Center (phone number 800 USA 4SUN)) is:
100125-02. The checksum of the compressed tarfile (filename
1001125-02.tar.Z) is 44522 46. The compressed tarfile is available by
anonymous FTP on ftp.uu.net in sun-dist/1001125-02.tar.Z as well as on
mcsun.eu.net in sun/fixes/1001125-02.tar.Z.

Patch installation instructions are as follows:

    # mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
    # chmod 600 /usr/etc/in.telnetd.FCS

    (These two steps store the old version as a precaution and change
    the file mode so that the old version cannot be executed; after
    verifying the new version, the old version should be removed.)

    # cp sun{3,3x,4,4c}/in.telnetd /usr/etc/in.telnetd

    (Be sure to copy the appropriate version for your architecture.)

    # chmod 711 /usr/etc/in.telnetd
    # chown root /usr/etc/in.telnetd
    # chgrp staff /usr/etc/in.telnetd
    # kill {any executing in.telnetd process(es) (SEE NOTE)}

NOTE: Be careful in killing existing in.telnetd processes, as they may
be legitimate users attempting to log in to the system.
-------------------------------------------------------------------------
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST. On call for emergencies during
           other hours.

Past advisories and other computer security related information are
available for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5)
system.
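
The published checksum and the modes set by the install steps can be checked mechanically. The Python below is an added example, not part of the CERT advisory or Sun's patch; it assumes "44522 46" is the output of the BSD-style sum(1) (16-bit rotating checksum followed by a 1 KB block count), and the function names are hypothetical.

```python
import os
import stat
import sys

ADVISORY_SUM = (44522, 46)  # "44522 46" as published in the advisory


def bsd_sum(data):
    """Return (checksum, 1 KB blocks) the way BSD-style sum(1) reports them."""
    checksum = 0
    for byte in data:
        # Rotate the 16-bit accumulator right by one bit, then add the byte.
        checksum = (checksum >> 1) | ((checksum & 1) << 15)
        checksum = (checksum + byte) & 0xFFFF
    return checksum, (len(data) + 1023) // 1024


def tarball_matches(path, expected=ADVISORY_SUM):
    """True only if the file's checksum and block count both match."""
    with open(path, "rb") as fh:
        return bsd_sum(fh.read()) == expected


def audit_install(new_path, old_path, owner_uid=0):
    """List deviations from the modes and owner the install steps set."""
    problems = []
    # (path, expected mode, must exist); the .FCS backup may already be removed.
    for path, want, required in ((new_path, 0o711, True), (old_path, 0o600, False)):
        if not os.path.exists(path):
            if required:
                problems.append(path + ": missing")
            continue
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            problems.append("%s: mode %o, expected %o" % (path, mode, want))
        if required and st.st_uid != owner_uid:
            problems.append("%s: owner uid %d, expected %d" % (path, st.st_uid, owner_uid))
    return problems


if __name__ == "__main__":
    # Usage: pass the downloaded tarball; the audited paths are the advisory's.
    ok = tarball_matches(sys.argv[1])
    print("checksum OK" if ok else "checksum MISMATCH, do not install")
    for line in audit_install("/usr/etc/in.telnetd", "/usr/etc/in.telnetd.FCS"):
        print(line)
    sys.exit(0 if ok else 1)
```

A match only rules out transfer corruption: a 16-bit checksum gives no protection against deliberate tampering with the tarfile.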