Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: ciaci004.txt

Nec Unix Nosuid Mount Option Vul




-----BEGIN PGP SIGNED MESSAGE-----

             __________________________________________________________

                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                 NEC /UNIX "nosuid" mount option Vulnerability

October 14, 1997 20:00 GMT                                        Number I-004
______________________________________________________________________________
PROBLEM:       NEC Corporation has identified and corrected a vulnerability
               with the "nosuid" mount(1) option.
PLATFORM:      The following NEC/UNIX platforms are affected:
                 EWS-UX/V(Rel4.2) R7.x - R10.x
                 EWS-UX/V(Rel4.2MP) R10.x
                 UP-UX/V(Rel4.2MP) R5.x - R7.x
                 UX/4800 R11.x - 12.1
DAMAGE:        Local users may invoke commands as other users and possibly
               achieve root privileges to execute arbitrary commands.
SOLUTION:      Apply patches or workarounds as listed below.
______________________________________________________________________________
VULNERABILITY  NEC strongly recommends that administrators of affected systems
ASSESSMENT:    follow the instructions in section 3 of this bulletin.
______________________________________________________________________________

[ Start NEC Corporation Advisory ]

______________________________________________________________________________
                        NEC Corporation Security Bulletin

Title:          Vulnerability in "nosuid" mount option
Affects:        EWS-UX/V(Rel4.2) R7.x - R10.x
                EWS-UX/V(Rel4.2MP) R10.x
                UP-UX/V(Rel4.2MP) R5.x - R7.x
                UX/4800 R11.x - 12.1
Document ID:    SB-19971010-01
Date Issued:    October 10, 1997
______________________________________________________________________________

1. Description

    NEC Corporation has identified and corrected a problem with the
    "nosuid" mount(1) option.  The "nosuid" mount(1) option nullifies
    the effect of setuid and setgid bits for files on a particular file
    system.  This problem manifests itself by allowing setuid and setgid
    program execution on file systems mounted with "nosuid".

    The following NEC/UNIX platforms are affected:

        EWS-UX/V(Rel4.2) R7.x - R10.x
        EWS-UX/V(Rel4.2MP) R10.x
        UP-UX/V(Rel4.2MP) R5.x - R7.x
        UX/4800 R11.x - 12.1

    NEC strongly recommends that administrators of affected systems
    follow the instructions in section 3 of this bulletin.

2. Impact

    By exploiting this vulnerability, local users can invoke commands
    as other users and possibly achieve root privileges to execute
    arbitrary commands.

3. Workarounds/Solution

    The patches listed below change the way execution privileges are
    calculated so that setuid and setgid bits are correctly ignored on
    file systems mounted with the "nosuid" option.

    Patches for platforms not listed in Section 3.2 are still in progress.
    For these systems, we recommend either unmounting file systems mounted
    "nosuid" or applying the workaround as described in Section 3.1 until
    patches are made available.

3.1. Remove setuid/setgid permission (workaround)

    To prevent possible exploitation of this vulnerability, until a patch
    is made available for your platform, we recommend the following steps:

    1) Make a local copy of each remote file system mounted with the
       "nosuid" option.

        # find <mountpoint> -depth -print | cpio -pdm <localcopy>

    2) Unmount the remote file system and replace it with the local copy.

        # umount <mountpoint>
        # mount <localdev> <mountpoint>

    3) Run the find(1) command below to remove all setuid and setgid bits
       on files in the local copy of the remote hierarchy.

        # find <mountpoint> -print -exec chmod ug-s {} \;

3.2. Install a patch

    This vulnerability is corrected by the following patches:

        OS version                      Patch ID
        ----------                      --------
        EWS-UX/V(Rel4.2) R7.x           NECe70093
        EWS-UX/V(Rel4.2) R8.x           NECe80121
        EWS-UX/V(Rel4.2) R9.x           NECe90281, NECe90282(for 110N)
        EWS-UX/V(Rel4.2) R10.x          NECea0168
        EWS-UX/V(Rel4.2MP) R10.x        NECma0378
        UP-UX/V(Rel4.2MP) R5.x          NECu50078
        UP-UX/V(Rel4.2MP) R6.x          NECu60217
        UP-UX/V(Rel4.2MP) R7.x          NECu70541
        UX/4800 R11.x                   NECmb0668
        UX/4800 R12.x                   NECmc0054

    See section 4 of this bulletin for checksum information.

    These patches are available from:
        ftp://ftp.meshnet.or.jp/pub/48pub/security

    For a directory tree map, consult the README file.

    For further information, please contact by e-mail:
        UX48-security-support@nec.co.jp

4. Checksum and additional information for patches.

    Patch ID: NECe70093

        Patch          : NECe70093.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 17018 22
        md5            : 56CE37185FD7D5BCB6D28F6BD8DEFFBB

        Patch          : NECe70093.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 16078 22
        md5            : 251A0B2239B415A6F9324F68C99F8B14

        Patch          : NECe70093.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
        sum            : 18075 22
        md5            : 54A7DA54894E470CC8F4C879E6283AD0

        Patch          : NECe70093.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 892 21
        md5            : BCBB5A319A0AB471ECB8EE5F154ECDCE

    Patch ID: NECe80121

        Patch          : NECe80121.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 35542 21
        md5            : 6D33DCE306B41996CB671EB9DB3DADD3

        Patch          : NECe80121.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 19176 21
        md5            : 32F955A3DEA4B76D552ACE5C3125AA9B

        Patch          : NECe80121.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
        sum            : 6993 21
        md5            : 9425197116B75C919B10DF0F2A948A78

        Patch          : NECe80121.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 4723 21
        md5            : 5A86DA101711317C1DA87541155229CC

    Patch ID: NECe90281

        Patch          : NECe90281.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 1426 20
        md5            : 1BE96184A9C6645899DD6CFFC1C5E00D

        Patch          : NECe90281.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 4671 20
        md5            : CA002CF9C4B86880D044F320B80D9800

        Patch          : NECe90281.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII
        sum            : 49879 20
        md5            : 2045FF5FC608600DBE87D8C2AF08F7AA

        Patch          : NECe90281.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 53666 20
        md5            : D0722E3257CEADFA8E3B60D68EAA9C8C

    Patch ID: NECe90282

        Patch          : NECe90282.110N.pkg.Z
        Target Hardware: 110N
        sum            : 49054 20
        md5            : A244594291D8A8E398105EF1786B5A2A

    Patch ID: NECma0378

        Patch          : NECma0378.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII,320VX,360SX
        sum            : 62412 25
        md5            : 0ABDB0D337474622A178B5A90010DF1F

        Patch          : NECma0378.360MP.pkg.Z
        Target Hardware: 360MP
        sum            : 23244 25
        md5            : 682AA6A8BC97E91DBC14253F8E9C6FFC

    Patch ID: NECea0168
        Patch          : NECea0168.110N.pkg.Z
        Target Hardware: 110N,310EC
        sum            : 13328 21
        md5            : 21D6648E69158622AECAD8A1F1538511

    Patch ID: NECmb0668

        Patch          : NECmb0668.110N.pkg.Z
        Target Hardware: 110N,310EC,310LX,310ECII,110NII
        sum            : 61039 24
        md5            : 066DBA2EBAAB87B10D3C55C4161232F1

        Patch          : NECmb0668.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 43893 24
        md5            : D6A0A08C2008F11BF1D11D670910893F

        Patch          : NECmb0668.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 47818 24
        md5            : A93FA1EE90055120892BF96FED4071C9

        Patch          : NECmb0668.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII,320VX,360SX
        sum            : 63097 24
        md5            : FBEEC273976D44E8593791CBC3006E94

        Patch          : NECmb0668.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 46118 24
        md5            : 14AFB2F7CBE0FECE66C43E15D53A6959

        Patch          : NECmb0668.360MP.pkg.Z
        Target Hardware: 360MP
        sum            : 34423 24
        md5            : 04FFC169C0056C2E0E991C5593EC13EB

        Patch          : NECmb0668.FM.pkg.Z
        Target Hardware: 760,660R
        sum            : 34722 24
        md5            : 0E875E8E6677223C19EF92FFD8AAA17B

        Patch          : NECmb0668.ML.pkg.Z
        Target Hardware: 610
        sum            : 31695 24
        md5            : 43F48AE10F46DD5675F54C4171979B93

        Patch          : NECmb0668.RH.pkg.Z
        Target Hardware: 660,680,690,670,675
                         675AD
        sum            : 42993 24
        md5            : 84FCEF5034A0E5A430367A6F4F813839

        Patch          : NECmb0668.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 26945 24
        md5            : 5CC49D44154183D39DD18C51BA6D8BD9

        Patch          : NECmb0668.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 2916 24
        md5            : 0C88DA08FF160A1B132538E8A46E9E4B

        Patch          : NECmb0668.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 63205 24
        md5            : 47D10396FC39C0FB7FE617D0B180DF08

        Patch          : NECmb0668.TH2.pkg.Z
        Target Hardware: 310PX,320PX,330PX
        sum            : 56681 24
        md5            : 12BC633B68667D8EC08E56B95CD1EC5B

        Patch          : NECmb0668.UD2.pkg.Z
        Target Hardware: 360PX,360PXII
        sum            : 26095 24
        md5            : 53251D6148665B16ADF3DF224485BA96

    Patch ID: NECmc0054

        Patch          : NECmc0054.110N.pkg.Z
        Target Hardware: 110N,310EC,310LX,310ECII,110NII
        sum            : 38080 23
        md5            : B27726AA05A082079E951F00222D6E7D

        Patch          : NECmc0054.210.pkg.Z
        Target Hardware: 210,120LT,215,130LT,210II
        sum            : 39082 23
        md5            : 590586BE5E847BD34780D2A68A908495

        Patch          : NECmc0054.220.pkg.Z
        Target Hardware: 220,260,230
        sum            : 37616 23
        md5            : CA9AD4DB7476E6753C7E06F5835AC61B

        Patch          : NECmc0054.330.pkg.Z
        Target Hardware: 330,110LT,310,320,360
                         140LT,150LT,360AD,360A,OM
                         310LC,320EX,320SX,330EX,330AD
                         360EX,360ADII,320VX,360SX
        sum            : 42500 23
        md5            : 31F228CA399A16DCEC4C7641D63D2E54

        Patch          : NECmc0054.350.pkg.Z
        Target Hardware: 350,350F,380
        sum            : 47172 23
        md5            : 711FBF6BD131FFA6FB1AC2E82BDB863D

        Patch          : NECmc0054.360MP.pkg.Z
        Target Hardware: 360MP
        sum            : 32933 23
        md5            : 20C52796D74B8FE1CD7FEC7CEA116708

        Patch          : NECmc0054.EH3.pkg.Z
        Target Hardware: 410,420
        sum            : 33478 23
        md5            : 5DE177B5E0BA6517192A6CB6DB53E4E8

        Patch          : NECmc0054.EL.pkg.Z
        Target Hardware: 710
        sum            : 2088 23
        md5            : 35908F4C918DA2D164D8C9B27A71061A

        Patch          : NECmc0054.FL.pkg.Z
        Target Hardware: 740
        sum            : 31787 23
        md5            : A4DD978D309F37DA72151247770ECC0D

        Patch          : NECmc0054.FM.pkg.Z
        Target Hardware: 760,660R,760R
        sum            : 31135 23
        md5            : F5FC7DBA2CFAD595FE72B520268BA02B

        Patch          : NECmc0054.ML.pkg.Z
        Target Hardware: 610
        sum            : 18801 23
        md5            : AD5954BF0E57B1593B12BAEB5A0C7151

        Patch          : NECmc0054.RH.pkg.Z
        Target Hardware: 660,680,690,670,675
                         675AD,770
        sum            : 18516 23
        md5            : A84E91CE094441E55BC967F0A33129E5

        Patch          : NECmc0054.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 27899 23
        md5            : 5B47CABA685D0C428869CC300BB1E8DE

        Patch          : NECmc0054.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 48090 23
        md5            : 5AD2B54F85BF83EE934D10BA8ABA3637

        Patch          : NECmc0054.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 49278 23
        md5            : 3EEEAB2D6B42B8EF58291F07F7986E0E

        Patch          : NECmc0054.TH2.pkg.Z
        Target Hardware: 310PX,320PX,330PX
        sum            : 36503 23
        md5            : 7F937DFCAC8A09E39CDFA3DB757C7529

        Patch          : NECmc0054.UD2.pkg.Z
        Target Hardware: 360PX,360PXII
        sum            : 34087 23
        md5            : 7BD3E3E1C0C44AC0FF96071F0D7E3B04

        Patch          : NECmc0054.UD3.pkg.Z
        Target Hardware: 460
        sum            : 21713 23
        md5            : 02850DACF247867594A999A9CF32E5C3

    Patch ID: NECu50078
       
        Patch          : NECu50078.RH.pkg.Z
        Target Hardware: 660,680
        sum            : 24590 23
        md5            : A0CB7CE51889544BA00BA8600CA64068

    Patch ID: NECu60217

        Patch          : NECu60217.RH.pkg.Z
        Target Hardware: 660,680,690
        sum            : 12320 23
        md5            : B2853692FDB387C7A132BF5AE5047B33

        Patch          : NECu60217.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 18714 23
        md5            : EB2AD3AD7F0AC59E0750491D19446115

        Patch          : NECu60217.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 40312 24
        md5            : 3EFBE0C6873017ABFA7D2632BB7F686D

        Patch          : NECu60217.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 21912 24
        md5            : 6B5B2936D081D849DEBC649595F917DD

    Patch ID: NECu70541

        Patch          : NECu70541.ML.pkg.Z
        Target Hardware: 610
        sum            : 43559 25
        md5            : E009D5CC456DDB3E5347038A584C724C

        Patch          : NECu70541.RH.pkg.Z
        Target Hardware: 660,680,690
        sum            : 47473 25
        md5            : 26A98C96AF71341961CC57CC5E55EB27

        Patch          : NECu70541.RH0.pkg.Z
        Target Hardware: 640,650
        sum            : 36458 25
        md5            : EAD7B3F4A48E97E4BCBAE83B298EE265

        Patch          : NECu70541.RL.pkg.Z
        Target Hardware: 605,615,615AD,615A
        sum            : 56520 25
        md5            : 593BD721536ABC1BC0694D757DD4387B

        Patch          : NECu70541.RM.pkg.Z
        Target Hardware: 625,635,635AD
        sum            : 5840 25
        md5            : 5D9AA821BE9D01AF39512E448E3F520E

============================================================================

[ End  NEC Corporation Advisory ]

______________________________________________________________________________

CIAC wishes to acknowledge the contributions of NEC Corporation for the
information contained in this bulletin.
______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 510-422-8193
    FAX:      +1 510-423-8002
    STU-III:  +1 510-423-2604
    E-mail:   ciac@llnl.gov

For emergencies and off-hour assistance, DOE, DOE contractor sites,
and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
8AM PST), call the CIAC voice number 510-422-8193 and leave a message,
or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
duty person, and the secondary PIN number, 8550074 is for the CIAC
Project Leader.

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://ciac.llnl.gov/
   Anonymous FTP:       ciac.llnl.gov (198.128.39.53)
   Modem access:        +1 (510) 423-4753 (28.8K baud)
                        +1 (510) 423-3331 (28.8K baud)

CIAC has several self-subscribing mailing lists for electronic
publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical
   information and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector
   (SPI) software updates, new features, distribution and
   availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the
   use of SPI products.

Our mailing lists are managed by a public domain software package
called Majordomo, which ignores E-mail header subject lines. To
subscribe (add yourself) to one of our mailing lists, send the
following request as the E-mail message body, substituting
ciac-bulletin, ciac-notes, spi-announce OR spi-notes for list-name:

E-mail to       ciac-listproc@llnl.gov or majordomo@tholia.llnl.gov:
        subscribe list-name
  e.g., subscribe ciac-notes

You will receive an acknowledgment email immediately with a confirmation
that you will need to mail back to the addresses above, as per the
instructions in the email.  This is a partial protection to make sure
you are really the one who asked to be signed up for the list in question.

If you include the word 'help' in the body of an email to the above address,
it will also send back an information file on how to subscribe/unsubscribe,
get past issues of CIAC bulletins via email, etc.

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

H-104: HP-UX libXt Vulnerability
H-105: HP-UX vuefile, vuepad, dtfile, & dtpad Vulnerabilities
H-106: SGI IRIX LOCKOUT & login/scheme Vulnerabilities
H-107: UNIX Buffer Overflow in rdist Vulnerability
H-108: SunOS, Solaris libX11 Buffer Overflow Vulnerability
H-109: Solaris DCE and AFS Integrated login Vulnerability
H-110: Samba Servers Vulnerability
I-001: HP-UX Denial of Service via telnet Vulnerability
I-002: Cisco CHAP Authentication Vulnerability
I-003: HP-UX mediainit(1) Vulnerability


-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQCVAwUBNEUC97nzJzdsy3QZAQFLSwP+MGifaeGhaY4+l4yxlv7zWuZIjESp9UnW
SN1XTTzDTdpjFxJfmqMXJdHRcUElDDAeosPjsuCLLftQUzN4AFf9/UMa4oR5f1hu
T8MQvHqv5XFAuLlzeRfAx6eB2ZBclpeRI8mCFjh3ec8CycplLih4AYIP3/etVQKw
HK2LJyJUy8o=
=lJo/
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH