Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: ciacg43a.txt

Sendmail Vulnerability




-----BEGIN PGP SIGNED MESSAGE-----

             __________________________________________________________

                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                          Vulnerabilities in Sendmail

December 5,1997 20:00 GMT                                       Number G-43a
______________________________________________________________________________
PROBLEM:       There are two vulnerabilities in sendmail. The first
               vulnerability is a resource starvation problem and the second
               is a buffer overflow problem.
PLATFORM:      Systems running any version of sendmail up to and including
               sendmail 8.7.5.
DAMAGE:        By exploiting these vulnerabilities, a local user can obtain
               root access.
SOLUTION:      Apply the patches and/or workarounds provided in the bulletin
               below.
______________________________________________________________________________
VULNERABILITY  These vulnerabilities are widely known.
ASSESSMENT:
______________________________________________________________________________

[Appended to G-43 on December 5,1997 with additional patch information from
Sun Microsystems, Inc.]

[Begin CERT Bulletin]

=============================================================================
CERT(sm) Advisory CA-96.20
Original issue date: September 18, 1996
Last revised: --

Topic: Sendmail Vulnerabilities
- ------------------------------------------------------------------------------
                *** This advisory supersedes CA-95:05 ***

The CERT Coordination Center has received reports of two security problems in
sendmail that affect all versions up to and including 8.7.5. By exploiting
the first of these vulnerabilities, users who have local accounts can gain
access to the default user, which is often daemon. By exploiting the second
vulnerability, any local user can gain root access.

The CERT/CC team recommends installing vendor patches or upgrading to the
current version of sendmail (8.7.6). Until you can do so, we urge you to
apply the workaround provided in Sec. III.C. In all cases, be sure to take
the extra precautions listed in Sec. III.D.

For beta testers of sendmail 8.8: The vulnerabilities described in this
advisory have been fixed in the beta version.

We will update this advisory as we receive additional information. Please
check advisory files regularly for updates that relate to your site. In
addition, you can check ftp://info.cert.org/pub/latest_sw_versions/sendmail
to identify the most current version of sendmail.

- ------------------------------------------------------------------------------

I.   Description

     There are two vulnerabilities in all versions of sendmail up to and
     including sendmail 8.7.5. The first vulnerability is a resource
     starvation and the second is a buffer overflow problem.

     Resource Starvation
     -------------------

     When email is forwarded to a program using a .forward file or an
     :include: statement within a .forward or alias file, that program is
     executed as the owner of the .forward file or the file referenced by the
     :include: statement. Similarly, if email is forwarded to a file, that
     file is opened as the owner of the .forward file or the file referenced
     by the :include: statement. The file owner is called the "controlling
     user."

     If the message cannot be delivered immediately, the name of the
     controlling user is written into the queue file along with the other
     delivery information so that the appropriate permissions can be acquired
     when the mail queue is processed.

     Only the name of the controlling user is written in the queue file. This
     name is derived by calling the system routine getpwuid(3) on the user id
     of the file owner. If getpwuid fails, the sendmail default user (defined
     by the DefaultUser option in 8.7 and by the "u" and "g" options in older
     releases) is assumed.

     In some cases, the system can be forced into resource starvation, thus
     forcing getpwuid(3) to fail even though an entry exists in /etc/passwd
     corresponding to that uid. Since getpwuid has no way of portably
     returning an error meaning "resource failure" as distinct from "user id
     not found," sendmail has no way of distinguishing between these cases; it
     assumes that the uid is unknown and falls back to the default user.

     By starving sendmail of specific resources, sendmail will create files
     owned by the default user. Once created, these files can be used to
     access other files owned by the default user. In addition, these files
     owned by the default user can be used to leverage access to other
     privileged users on the system.

     Buffer Overflows
     ----------------
     There are several buffer overflows present in sendmail version 8.7.5 and
     earlier. Some of the buffer overflows could result in local users gaining
     unauthorized root access.

     Significant work has been done on sendmail version 8.8 (now in beta
     test) to eliminate the problem, and the code changes originally planned
     for 8.8 have been backported to 8.7.6 to address these vulnerabilities.

II.  Impact

     Resource Starvation
     -------------------
     Anyone with access to an account on the system can run programs or write
     files as the default user. The danger of compromising the default user
     depends primarily on the other files in your system owned by that user.

     For example, on many systems the line printer spool directory (e.g.,
     /var/spool/lpd) is owned by daemon; because the line printer subsystem
     runs setuid root, it may be possible to gain additional privileges.
     However, some other systems have no files owned by user daemon on the
     default system, and the only files owned by group daemon are not
     writable by that group; hence, the danger is minimal.

     Buffer Overflows
     ----------------
     Anyone with access to an account on the system can gain root access.

III. Solution

     Install a patch from your vendor if one is available (Sec. A) or upgrade
     to the current version of sendmail (Sec. B). Until you can take one of
     those actions, we recommend applying the workaround described in Sec. C.
     This workaround addresses the resource starvation problem but not buffer
     overflows.

     In all cases, you should take the precautions listed in Sec. D.

     Note to beta testers of sendmail 8.8: The vulnerabilities described in
     this advisory have been fixed in the beta version of 8.8.

     A. Install a vendor patch.

        Below is a list of the vendors who have provided information about
        sendmail. Details are in Appendix A of this advisory; we will update
        the appendix as we receive more information. If your vendor's name
        is not on this list, please contact the vendor directly.

            Digital Equipment Corporation
            Hewlett-Packard Company
            IBM Corporation
            Linux
            Open Software Foundation
            The Santa Cruz Operation
            Silicon Graphics Inc.
            Sun Microsystems, Inc.

     B. Upgrade to the current version of sendmail.

        Install sendmail 8.7.6. This version is a "drop in" replacement for
        8.7.x. There is no patch for 8.6.x. If you are using version 8.6 or
        earlier, you need to upgrade to the current version and rebuild your
        sendmail.cf files. Upgrading to version 8.7.6 addresses both
        vulnerabilities described in this advisory.

        Sendmail 8.7.6 is available from

ftp://ftp.sendmail.org/ucb/src/sendmail/sendmail.8.7.6.tar.gz
ftp://info.cert.org/pub/tools/sendmail/sendmail.8.7.6.tar.gz
ftp://ftp.cert.dfn.de/pub/tools/net/sendmail/sendmail.8.7.6.tar.gz

        MD5 (sendmail.8.7.6.tar.gz) = 4a1f2179c53c9106bc8d7738f4d55667

        Also in that directory are .Z and .sig files. The .Z file contains the
        same bits as the .gz file, but is compressed using UNIX compress
        instead of gzip. The .sig is Eric Allman's PGP signature for the
        uncompressed tar file. The key fingerprint is

  Type bits/keyID    Date       User ID
  pub  1024/BF7BA421 1995/02/23 Eric P. Allman <eric@CS.Berkeley.EDU>
     Key fingerprint =  C0 28 E6 7B 13 5B 29 02  6F 7E 43 3A 48 4F 45 29
                                Eric P. Allman <eric@Reference.COM>
                                Eric P. Allman <eric@Usenix.ORG>
                                Eric P. Allman <eric@Sendmail.ORG>
                                Eric P. Allman <eric@CS.Berkeley.EDU>

        We strongly recommend that when you change to a new version of
        Sendmail you also change to the configuration files that are provided
        with that version.

        Significant work has been done to make this task easier. It is now
        possible to build a sendmail configuration file (sendmail.cf) using
        the configuration files provided with the sendmail release. Consult
        the cf/README file for a more complete explanation. Creating your
        configuration files using this method makes it easier to incorporate
        future changes to sendmail into your configuration files.

        Finally, for Sun users, a paper is available to help you convert your
        sendmail configuration files from the Sun version of sendmail to one
        that works with sendmail version 8.7.x. The paper is entitled
        "Converting Standard Sun Config Files to Sendmail Version 8" and was
        written by Rick McCarty of Texas Instruments Inc. It is included in
        the distribution and is located in contrib/converting.sun.configs.

     C. Apply a workaround.

        Resource Starvation
        -------------------
        Eric Allman, the author of sendmail, has provided the following
        workaround to the resource starvation vulnerability.

        Using smrsh as "prog" mailer limits the programs that can be run as
        the default user. Smrsh does not limit the files that can be written,
        but less damage can be done by writing files directly.

        The damage can be almost entirely constrained by ensuring that the
        default user is an innocuous one. Sendmail defaults to 1:1 (daemon)
        only because that is reasonably portable. A special "mailnull"
        account that is used only for this purpose would be better. This user
        should own no files and should have neither a real home directory nor
        a real shell. A sample password entry might be:

           mailnull:*:32765:32765:Sendmail Default User:/no/such/dir:/dev/null

        A corresponding entry should be made in /etc/group:

           mailnull:*:32765:

        These assume that there are no other users or groups with id = 32765
        on your system; if there are, pick some other unique value. After
        creating this user, change the line in /etc/sendmail.cf reading

           O DefaultUser=1:1

         to read

           O DefaultUser=mailnull

        If you are running 8.6.*, you will have to change the lines reading

           Ou1
           Og1

        to read

           Ou32765
           Og32765

       Finally, if you are using the m4(1)-based sendmail configuration scheme
       provided with sendmail 8.7.*, you should add the following line to the
       m4 input file, usually named sendmail.mc:

           define(`confDEF_USER_ID', 32765:32765)

       The actual values should, of course, match those in the passwd file.

       Buffer Overflows
       ----------------
       There is no workaround for the buffer overflow problem. To address this
       problem, you must apply your vendor's patches or upgrade to the current
       version of sendmail (version 8.7.6).

D. Take additional precautions.

   Regardless of which solution you apply, you should take these extra
   precautions to protect your systems.

   * Use the sendmail restricted shell program (smrsh)

     With *all* versions of sendmail, use the sendmail restricted shell
     program (smrsh). You should do this whether you use vendor-supplied
     sendmail or install sendmail yourself. Using smrsh gives you improved
     administrative control over the programs sendmail executes on behalf of
     users.

     A number of sites have reported some confusion about the need to continue
     using the sendmail restricted shell program (smrsh) when they install a
     vendor patch or upgrade to a new version of sendmail. You should always
     use the smrsh program.

     smrsh is included in the sendmail distribution in the subdirectory
     smrsh. See the RELEASE_NOTES file for a description of how to integrate
     smrsh into your sendmail configuration file.

     smrsh is also distributed with some operating systems.

   * Use mail.local

     If you run /bin/mail based on BSD 4.3 UNIX, replace /bin/mail with
     mail.local, which is included in the sendmail distribution. It is also
     included with some other operating systems distributions, such as
     FreeBSD.

     Although the current version of mail.local is not a perfect solution, it
     is important to use it because it addresses vulnerabilities that are
     being exploited. For more details, see CERT advisory CA-95:02.

     Note that as of Solaris 2.5 and beyond, mail.local is included with the
     standard distribution. To use mail.local, replace all references to
     /bin/mail with /usr/lib/mail.local. If you are using the M4(1)-based
     configuration scheme provided with sendmail 8.X, add the following to
     your configuration file:

        define(`LOCAL_MAILER_PATH', /usr/lib/mail.local)

   * WARNING: Check for executable copies of old versions of mail programs

     If you leave executable copies of older versions of sendmail installed
     in /usr/lib (on some systems, it may be installed elsewhere), the
     vulnerabilities in those versions could be exploited if an intruder
     gains access to your system. This applies to sendmail.mx as well as
     other sendmail programs. Either delete these versions or change the
     protections on them to be non-executable.

     Similarly, if you replace /bin/mail with mail.local, remember to remove
     old copies of /bin/mail or make them non-executable.

- -----------------------------------------------------------------------------

Appendix A - Vendor Information

Below is a list of the vendors who have provided information for this
advisory. We will update this appendix as we receive additional information.
If you do not see your vendor's name, please contact the vendor directly.


Digital Equipment Corporation
=============================
[About the resource starvation problem]
  Source:
      Software Security Response Team
      Copyright (c) Digital Equipment Corporation 1996. All rights reserved.
      08.SEP.1996

   At the time of writing this document, patches (binary kits) for Digital's
   UNIX related operating systems are being developed. Digital will provide
   notice of availability for remedial kits through AES services (DIA, DSNlink
   FLASH), placed in the public FTP patch service domain and also be
   available from your normal Digital Support channel.

          ftp://ftp.service.digital.com/public/{OS/{vn.n}
                                                |     |
                                                |     |--version
                                                |--osf or ultrix

    9/96                                   - DIGITAL EQUIPMENT CORPORATION


Hewlett-Packard Company
=======================
[About the resource starvation problem]
   HP-UX is vulnerable, and a patch is in progress.

   The HP SupportLine Mail Service provides notification of security patches
   for HP-UX to its 'security_info' mailing list. For information on the
   service, send mail to support@us.external.hp.com with 'help' in the body of
   the message (without quotes).

   To report new security defects in HP software, send mail to
   security-alert@hp.com.


IBM Corporation
================
  The following APARs are being developed and will be available shortly.
  See the appropriate release below to determine your action.


  AIX 3.2
  -------
    Apply the following fixes to your system:

       APAR - IX61303 IX61307


  AIX 4.1
  -------
    Apply the following fixes to your system:

        APAR - IX61162 IX61306

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX61162 IX61306


  AIX 4.2
  -------
    Apply the following fixes to your system:

        APAR - IX61304 IX61305

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX61304 IX61305



  To Order
  --------
    APARs may be ordered using Electronic Fix Distribution (via FixDist)
    or from the IBM Support Center.  For more information on FixDist,

       http://service.software.ibm.com/aixsupport/

    or send e-mail to aixserv@austin.ibm.com with a subject of "FixDist".


  IBM and AIX are registered trademarks of International Business Machines
  Corporation.


Linux
=====
[For the resource starvation problem:]

   Debian Linux: not vulnerable (uses smail)

   Red Hat and derivatives:
        ftp://ftp.redhat.com/pub/redhat-3.0.3/i386/updates/RPMS/sendmail*


Open Software Foundation
========================
   OSF's OSF/1 R1.3.2 is not vulnerable to these types of attacks described in
   the resource starvation sections of the advisory.

   OSF's OSF/1 R1.3.2 is vulnerable to the buffer overflow problems.
   We will address the problem in our next maintenance release.


The Santa Cruz Operation
========================

   Any SCO operating system running a version of sendmail provided by SCO
   is vulnerable to this problem. SCO is providing Support Level
   Supplement (SLS) oss443a for the following releases to address this issue:
   SCO Internet FastStart release 1.0.0
   SCO OpenServer releases 5.0.0 and 5.0.2

   This SLS provides a pre-release version of sendmail release 8.7.6
   for these platforms. SCO hopes to have a final version of sendmail 8.7.6
   available to address both issues mentioned in this advisory in the near
   future.

   Note that only SCO Internet FastStart uses sendmail as the default mail
   system. All other SCO operating systems use other mail systems such as the
   Multi-Channel Memorandum Distribution Facility (MMDF) or the "mailsurr"
   mail system as the default, and as such are not vulnerable to this
   problem unless otherwise configured to use sendmail.

   SCO intends to provide a similar patch for SCO UnixWare release 2.1.0
   in the near future.

   When configured to use a version of sendmail provided by SCO, releases
   prior to the ones mentioned here are also vulnerable, but no
   plans have yet been made concerning patches for these earlier releases.

   You can download SLS oss443a as shown below.

   Anonymous ftp   (World Wide Web URL)
   -------------

        ftp://ftp.sco.COM/SSE/oss443a           (SLS image)
        ftp://ftp.sco.COM/SSE/oss443a.ltr.sse   (cover letter/install notes)

   Compuserve
   ----------

   SLS oss443a is also available in the SCO Forum on Compuserve.

   SCO Online Support (SOS) BBS
   ----------------------------

   SLS oss443a can also be downloaded interactively via X, Y, or Z MODEM or
   Kermit, using the SCO Online Support System (SOS). Follow the menu
   selections under "Toolchest" from the main SOS menu.

   The phone numbers available for interactive transfer from SOS are:

   1-408-426-9495                  (USA)
   +44 (0)1923 210 888             (United Kingdom)

   Checksums
   ---------

   sum -r
   ------

   13804   630 oss443a
   35304    14 oss443a.ltr.sse

   MD5
   ---

   MD5 (oss443a) = 549260a71ca76f4e98dd38bccb72748c
   MD5 (oss443a.ltr.sse) = 7475d83f0db64a1af69eb66cd392a9d3

   Be sure to keep track of the README file at ftp://ftp.sco.COM/SSE/README
   for updates to this supplement.

   If you have further questions, contact your support provider. If you
   need to contact SCO, please send electronic mail to support@sco.COM, or
   contact SCO as follows.

        USA/Canada: 6am-5pm Pacific Daylight Time (PDT)
        -----------
        1-800-347-4381  (voice)
        1-408-427-5443  (fax)

        Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
        ------------------------------------------------ Daylight Time
                                                         (PDT)
        1-408-425-4726  (voice)
        1-408-427-5443  (fax)

        Europe, Middle East, Africa: 9am-5:30pm Greenwich Mean Time (GMT)
        ----------------------------
        +44 (0)1923 816344 (voice)
        +44 (0)1923 817781 (fax)


Silicon Graphics, Inc.
======================
   We are analyzing the vulnerability, and will provide additional
   information as it becomes available.


Sun Microsystems, Inc.
======================
   Sun is working on a patch which will fix both problems, and we expect to
   have it out by the end of the month. Also, we will send out a Sun bulletin
   on this subject at about the same time.

- ------------------------------------------------------------------------------
- -
The CERT Coordination Center staff thanks Eric Allman, the author of sendmail,
for his extensive assistance with this advisory, Wolfgang Ley of DFN-CERT for
his support in the development of the advisory, and D. J. Bernstein of the
University of Illinois at Chicago for reporting the resource starvation
vulnerability.
- ------------------------------------------------------------------------------

[End CERT Bulletin]

[Append Sun Microsystems, Inc. Bulletin]

______________________________________________________________________________
                   Sun Microsystems, Inc. Security Bulletin
               
Bulletin Number:        #00159
Date:                   December 3, 1997
Cross-Ref:             
Title:                  V8 Sendmail for SunOS(tm) 4.1.4 and 4.1.3_U1
______________________________________________________________________________
The information contained in this Security Bulletin is provided "AS IS."
Sun makes no warranties of any kind whatsoever with respect to the information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.

IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES.

If any of the above provisions are held to be in violation of applicable law,
void, or unenforceable in any jurisdiction, then such provisions are waived
to the extent necessary for this disclaimer to be otherwise enforceable in
such jurisdiction.
______________________________________________________________________________

1.  Bulletins Topics

    Sun announces the release of patches for SunOS 4.1.4 and 4.1.3_U1
    containing the same version of sendmail included with SunOS 5.x:
    V8.6.9 plus extensions. SunOS 4.1.4 and 4.1.3_U1 originally
    included V5 sendmail.

    Sun recommends that customers using sendmail on SunOS 4.1.4 and
    4.1.3_U1 install the patches listed in section 4 below to take
    advantage of security and other enhancements found in V8 sendmail.
   
2.  Understanding What is Available

    sendmail is a public domain utility based on SMTP, which provides
    internetwork mail routing.  SunOS 4.1.4 and 4.1.3_U1 originally
    included version 5 of the public domain sendmail with Sun
    enhancements. 
   
    Various security related improvements were made to subsequent versions
    of the public domain sendmail. These improvements were included in the
    version of sendmail that Sun provides with SunOS 5.x, V8.6.9; in addition,
    Sun's version includes enhancements to address subsequently identified
    security vulnerabilities. The patches listed in section 4 below provide
    this same version of Sun sendmail for SunOS 4.1.4 and 4.1.3_U1 customers.

3.  Support for Sun's sendmail

    The patches listed in section 4 below are covered by Sun's normal
    support policy.

    Sun's V5 sendmail is currently covered by Sun's normal support policy.
    However, with this release of V8 sendmail for SunOS 4.1.4 and 4.1.3_U1.
    Sun will cease to update V5 patches after May 31, 1998. Patches affected
    are 102423-xx for SunOS 4.1.4 and 101665-xx for SunOS 4.1.3_U1.

4.  List of Patches

    Sun's most current version of sendmail is provided for SunOS 4.1.4
    and 4.1.3_U1 via these patches:

    OS version          Patch ID
    ______________      _________
    SunOS 4.1.4         105466-01
    SunOS 4.1.3_U1      105465-01

______________________________________________________________________________
APPENDICES

A.  Patches listed in this bulletin are available to all Sun customers via
    World Wide Web at:
   
        <URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>

B.  Checksums for the patches listed in this bulletin are available via
    World Wide Web at:

        <URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>

C.  Sun security bulletins are available via World Wide Web at:

        <URL:http://sunsolve.sun.com/sunsolve/secbulletins>
       
D.  Sun Security Coordination Team's PGP key is available via World Wide Web
    at:

        <URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
                                   
E.  To report or inquire about a security problem with Sun software, contact
    one or more of the following:
 
        - Your local Sun answer centers
        - Your representative computer security response team, such as CERT
        - Sun Security Coordination Team. Send email to:
        
                security-alert@sun.com

F.  To receive information or subscribe to our CWS (Customer Warning System)
    mailing list, send email to:
   
                security-alert@sun.com
  
    with a subject line (not body) containing one of the following commands:

        Command         Information Returned/Action Taken
        _______         _________________________________

        help            An explanation of how to get information
       
        key             Sun Security Coordination Team's PGP key
       
        list            A list of current security topics

        query [topic]   The email is treated as an inquiry and is forwarded to
                        the Security Coordination Team

        report [topic]  The email is treated as a security report and is
                        forwarded to the Security Coordinaton Team. Please
                        encrypt sensitive mail using Sun Security Coordination
                        Team's PGP key

        send topic      A short status summary or bulletin. For example, to
                        retrieve a Security Bulletin #00138, supply the
                        following in the subject line (not body):
                       
                                send #138

        subscribe       Sender is added to our mailing list.  To subscribe,
                        supply the following in the subject line (not body):

                                subscribe cws your-email-address
                       
                        Note that your-email-address should be substituted
                        by your email address.
                       
        unsubscribe     Sender is removed from the CWS mailing list.
______________________________________________________________________________

Copyright 1997 Sun Microsystems, Inc. All rights reserved. Sun,
Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks
of Sun Microsystems, Inc. in the United States and other countries. This
Security Bulletin may be reproduced and distributed, provided that this
Security Bulletin is not modified in any way and is attributed to
Sun Microsystems, Inc. and provided that such reproduction and distribution
is performed for non-commercial purposes.


[End Append Sun Microsystems, Inc. Bulletin]

______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Eric Allman, the author of
sendmail, Wolfgang Ley of DFN-CERT, D. J. Bernstein of the University of
Illinois at Chicago, and CERT for the information contained in this bulletin.
______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 510-422-8193
    FAX:      +1 510-423-8002
    STU-III:  +1 510-423-2604
    E-mail:   ciac@llnl.gov

For emergencies and off-hour assistance, DOE, DOE contractor sites,
and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
8AM PST), call the CIAC voice number 510-422-8193 and leave a message,
or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
duty person, and the secondary PIN number, 8550074 is for the CIAC
Project Leader.

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://ciac.llnl.gov/
   Anonymous FTP:       ciac.llnl.gov (198.128.39.53)
   Modem access:        +1 (510) 423-4753 (28.8K baud)
                        +1 (510) 423-3331 (28.8K baud)

CIAC has several self-subscribing mailing lists for electronic
publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical
   information and Bulletins, important computer security information;
2. SPI-ANNOUNCE for official news about Security Profile Inspector
   (SPI) software updates, new features, distribution and
   availability;
3. SPI-NOTES, for discussion of problems and solutions regarding the
   use of SPI products.

Our mailing lists are managed by a public domain software package
called Majordomo, which ignores E-mail header subject lines. To
subscribe (add yourself) to one of our mailing lists, send the
following request as the E-mail message body, substituting
ciac-bulletin, spi-announce OR spi-notes for list-name:

E-mail to       ciac-listproc@llnl.gov or majordomo@tholia.llnl.gov:
        subscribe list-name
  e.g., subscribe ciac-bulletin

You will receive an acknowledgment email immediately with a confirmation
that you will need to mail back to the addresses above, as per the
instructions in the email.  This is a partial protection to make sure
you are really the one who asked to be signed up for the list in question.

If you include the word 'help' in the body of an email to the above address,
it will also send back an information file on how to subscribe/unsubscribe,
get past issues of CIAC bulletins via email, etc.

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

G-33: rdist vulnerability
G-34: HP-UX Vulnerabilities (netttune, SAM remote admin)
G-35: SUN Microsystems Solaris vold Vulnerability
G-36: HP-UX Vulnerabilities in elm and rdist Programs
G-37: Vulnerability in Adobe FrameMaker (fm_fls)
G-38: Linux Vulnerabilities in mount and umount Programs
G-39: Vulnerability in expreserve
G-40: SGI admin and user Program Vulnerabilities
G-41: Vulnerability in BASH Program
G-42: Vulnerability in WorkMan Program



-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQCVAwUBNIhvn7nzJzdsy3QZAQHgKAP8CsyIZtoU6Aawlj7H+rMxcK+XBWVpsJmI
sHcOW99P6UbS06muAvZBPpu6HDzydy/KMP0Lmq+Tpn8HfrluZUbr20hJXqZXfY3D
7vo9S6hoFONj1mbR72OZOL/76Cz0E3d1UxMfyPuzI5JUuV0GMTupw/zPTA2u2xg5
ZLAA/bzaVOA=
=f0kb
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH