SunOS Unpassworded sync Account Multiple Issues

1988-01-01T21:10:29
ID OSVDB:17839
Type osvdb
Reporter OSVDB
Modified 1988-01-01T21:10:29

Description

Vulnerability Description

SunOS contains a flaw related to the default unpassworded 'sync' account (a convenience account whose login shell is /bin/sync, so that anyone at the console can flush disk buffers without a password) that may allow local and remote users to carry out unintended activities. First, local users may log in through the account to obscure their entry in the 'who' output, which makes it difficult for administrators to track user activity or notice suspicious behavior. Second, if the 'root' account uses / as its home directory, the 'sync' account (whose home directory also defaults to /) shares root's startup files, and a login as 'sync' may execute those files before /bin/sync runs as intended. This may allow an unprivileged local or remote attacker to execute programs unexpectedly and potentially gain access to the system through other means, such as breaking out of an interactive process started that way. Third, a remote user may be able to log in as 'sync' to read the local 'motd' (message of the day) file, which could disclose sensitive system information.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The flaw can be addressed with the following workaround: set a strong password on the 'sync' account or, if the account is not needed, lock it by placing '*' in its password field so that no password can match.
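The following audit script is an added example and is not part of the OSVDB entry or of SunOS. It checks a passwd(5)-format file for the three conditions the description combines (an account with an empty password field, that account sharing root's home directory, and root's home being /) and then applies the workaround from the Solution Description by locking the account's password field with '*'. It assumes the classic seven-field /etc/passwd with the password in field 2, as on SunOS 4.x without passwd.adjunct; the sample file, the user 'jdoe', and the hash strings are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a passwd(5) file for an unpassworded 'sync' account
# that shares root's home directory, then lock it. Not from OSVDB or Sun.
# Assumes the seven-field format name:passwd:uid:gid:gecos:home:shell.

# Constructed sample resembling a SunOS 4.x /etc/passwd (hashes are made up).
PASSWD_SAMPLE="${TMPDIR:-/tmp}/passwd.sample.$$"
cat > "$PASSWD_SAMPLE" <<'EOF'
root:Xq1Zc9aBcDeFg:0:1:Operator:/:/bin/csh
nobody:*:65534:65534::/:
daemon:*:1:1::/:
sys:*:2:2::/:/bin/csh
bin:*:3:3::/bin:
uucp:*:4:8::/var/spool/uucppublic:
news:*:6:6::/var/spool/news:/bin/csh
sync::1:1::/:/bin/sync
jdoe:Ab3dEfGhIjKlM:100:10:J. Doe:/home/jdoe:/bin/csh
EOF

# An empty second field means no password at all: anyone may log in as
# that user. Prints one account name per line.
unpassworded_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Home directory of the named account (empty output if it does not exist).
home_of() {
    awk -F: -v u="$2" '$1 == u { print $6; exit }' "$1"
}

# Succeeds when root's startup files live in /, the default home of 'sync'.
root_home_is_slash() {
    [ "$(home_of "$1" root)" = "/" ]
}

# The combination the advisory warns about: an unpassworded account whose
# home directory is the same as root's, so root's dotfiles are its dotfiles.
unpassworded_sharing_root_home() {
    root_home=$(home_of "$1" root)
    awk -F: -v rh="$root_home" \
        '$2 == "" && $1 != "root" && $6 == rh { print $1 }' "$1"
}

# Workaround: lock the account by putting "*" in its password field, which
# no crypt(3) output can ever equal. Writes the rewritten file to stdout;
# on a live system use vipw(8) or passwd(1) rather than editing in place.
lock_account() {
    awk -F: -v u="$2" 'BEGIN { OFS = ":" }
        $1 == u && $2 == "" { $2 = "*" }
        { print }' "$1"
}

# Run the audit against the sample and produce a locked copy.
echo "unpassworded accounts:"
unpassworded_accounts "$PASSWD_SAMPLE"
root_home_is_slash "$PASSWD_SAMPLE" && echo "root home is /"
echo "unpassworded accounts sharing root's home:"
unpassworded_sharing_root_home "$PASSWD_SAMPLE"
LOCKED_SAMPLE="$PASSWD_SAMPLE.locked"
lock_account "$PASSWD_SAMPLE" sync > "$LOCKED_SAMPLE"
```

Run against a real file with `unpassworded_accounts /etc/passwd`; on a system with shadowed passwords the second field holds a placeholder and the check must be run against the shadow file instead. Locking with '*' is the scriptable half of the workaround; setting a strong password, as the Solution Description recommends, is done interactively with passwd(1).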

Short Description

SunOS ships with an unpassworded 'sync' account. Local and remote users may use it to hide their entry in the 'who' output, to trigger root's startup files when 'root' and 'sync' share / as a home directory, and to read the local 'motd' file.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1995_2/0577.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1995_2/0580.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1995_2/0562.html