TUCoPS :: SunOS/Solaris :: cert0027.txt

SunOS lpd vulnerability


-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
CA-91:10a                       CERT Advisory
                              September 12, 1991
               REVISION NOTICE: New Patch for SunOS /usr/lib/lpd

- ---------------------------------------------------------------------------

                 *** THIS IS A REVISED CERT ADVISORY ***
                    *** CONTAINS NEW INFORMATION ***

There were a number of problems with various early versions of Sun
Microsystems, Inc. (Sun) /usr/lib/lpd patch ( Patch ID 100305-xx ).  
While security problems were fixed in the patches, a remote print
spooling problem was introduced.  Sun believes all the problems have 
been fixed and they are now releasing the enclosed information 
concerning a new patch version.  They have given the CERT/CC permission 
to distribute this information.

The Computer Emergency Response Team/Coordination Center (CERT/CC) 
recommends that all affected sites follow the information provided 
by Sun Microsystems in this bulletin.

- ---------------------------------------------------------------------------
START OF SUN-SUPPLIED INFORMATION
===========================================================================


SUN MICROSYSTEMS SECURITY BULLETIN:

This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this 
information without the express written consent of Sun Microsystems
shall be prohibited.


Sun expressly disclaims all liability for any misuse of this information
by any third party.
- ---------------------------------------------------------------------------


This is more an update on the lpd fix than any new information.

First the update.

After a lengthy beta test cycle, there is now available a new version
of the lpd security fix.  The patch-ID# is 100305-06.

This patch is available via anonymous ftp from the ftp.uu.net system in the
sun-dist directory as 100305-06.tar.Z, or through your local Sun Answer 
Center.  The checksum information for the file available from ftp.uu.net is:

                24474   440   100305-06.tar.Z

- --------------------------------------------------------------------------

Some history.

An lpd bug was discovered where lpd could be used to remove system files
(/etc/passwd or /.rhosts as examples). This bug was fixed with 100305-01.

A second bug was also shown that could still be used to remove system files.
This fix was rolled into 100305-02.

An lpc problem that touched one of the same modules as in the lpd fix was fixed
and the subsequent change rolled into the lpd patch 100305-03.

Two additional problems were sent to Sun: one having to do with RPC calls to
lpd and the second having to do with postscript calls to lpd, thus 100305-04.

It was in creating the -04 version that we unknowingly introduced a remote
spool problem on the SunOS 4.1.1 version of the patch. The problem was that
if the remote queue had jobs in it, the local job sent was often truncated
to zero length.

The -05 version was an attempt to back out the last few changes to remove the
remote print problem.  Unfortunately, it did not.  It was at this time that
we decided to do a lengthy evaluation and test cycle to ensure that the newest
version fixed all the reported problems as well as fixed the remote
spool bug we had introduced.

The 100305-06 patch is the result of that lengthy test cycle.

Thank you all for your support through all this.

Brad Powell
Software Security Coordinator
Sun Microsystems.

===========================================================================
END OF SUN-SUPPLIED INFORMATION
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
           on call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.org (192.88.209.5) system.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMws3VP+x0t4w7BAQH68QP+L+bK+n5KYg0upxIeaui1/mqoW2eZF0E5
Y5tFR1rrLOhD3xmog4X+2o+kb4YMcGVHF8mVL0K5J4vAqiHZXYD/skIUrbeUGJNP
sIsmZo3kXmpji+6hP3rjRnOU4BjgzgdbeVYPT+m4Rm0DuogaofC8+5ZUKAN5Huo1
BylnI2mJ3hs=
=LaXK
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH