digital.unix.dtlogin.txt

`Date: Fri, 11 Jun 1999 11:11:10 -0700 (PDT)  
From: CIAC Mail User <[email protected]>  
To: [email protected]  
Subject: CIAC Bulletin J-044: Tru64/Digital UNIX (dtlogin) Security Vulnerability  
  
[ For Public Release ]  
-----BEGIN PGP SIGNED MESSAGE-----  
  
__________________________________________________________  
  
The U.S. Department of Energy  
Computer Incident Advisory Capability  
___ __ __ _ ___  
/ | /_\ /  
\___ __|__ / \ \___  
__________________________________________________________  
  
INFORMATION BULLETIN  
  
Tru64/Digital UNIX (dtlogin) Security Vulnerability  
  
June 10, 1999 21:00 GMT Number J-044  
______________________________________________________________________________  
  
PROBLEM: There is a potential vulnerability with the  
/usr/dt/bin/dtlogin in Compaq's Tru64/DIGITAL UNIX  
software, where under certain circumstances, a user  
may gain unauthorized access as superuser.  
PLATFORM: Systems running Tru64/DIGITAL UNIX V4.0B,  
V4.0D, V4.0E and V4.0F.  
DAMAGE: Under certain circumstances, a user may gain  
unauthorized access as superuser.  
SOLUTION: Apply the vendor-supplied patch.  
______________________________________________________________________________  
VULNERABILITY The risk is high due to the possibility of gaining a root  
ASSESSMENT: compromise.   
______________________________________________________________________________  
  
[ Start Compaq Computer Corporation Advisory ]  
  
________________________________________________________  
UPDATE: May 11, 1999  
TITLE: Tru64/DIGITAL UNIX V4.0b, V4.0d, V4.0e and V4.0f  
Potential Security Vulnerability  
ref#: SSRT0600U "dtlogin"  
  
SOURCE: Compaq Computer Corporation  
Software Security Response Team  
  
"Compaq is broadly distributing this Security Advisory in order  
to bring to the attention of users of Compaq products the  
important security information contained in this Advisory.  
Compaq recommends that all users determine the applicability of  
this information to their individual situations and take  
appropriate action.  
  
Compaq does not warrant that this information is necessarily  
accurate or complete for all user situations and, consequently,  
Compaq will not be responsible for any damages resulting from  
user's use or disregard of the information provided in this  
Advisory."  
  
- -----------------------------------------------------------------------  
IMPACT:  
  
Compaq has discovered a potential vulnerability with the  
/usr/dt/bin/dtlogin in Compaq's Tru64/DIGITAL UNIX software,  
where under certain circumstances, a user may gain unauthorized  
access as superuser.  
  
- -----------------------------------------------------------------------  
RESOLUTION:  
  
This potential security problem has been resolved and a  
patch for this problem has been made available for  
Tru64/DIGITAL UNIX V4.0B, V4.0D, V4.0E and V4.0F.  
  
Systems with enhanced security enabled and one or more of  
the products listed below, should install this patch immediately.  
- Distributed Computing Environment (DCE) from Compaq  
- - Advanced Server for Digital UNIX (ASDU) from Compaq  
- - AFS Enterprise File Systems from Transarc  
- - Kerberos 4 Network Authentication Protocol from MIT  
  
If you need this patch for V4.0, V4.0A or V4.0C, please contact  
your normal Compaq Services support channel.  
  
*This solution will be included in a future distributed release of  
Compaq's Tru64/DIGITAL UNIX.  
  
This patch may be obtained from the World Wide Web at the  
following FTP address:  
  
http://www.service.digital.com/patches  
  
  
  
Use the FTP access option, select DIGITAL_UNIX directory,  
then choose the appropriate version directory and  
download the patch accordingly.  
  
Note: [1] The appropriate patch kit must be installed  
following any upgrade to V4.0b, V4.0d, V4.0e or V4.0f.  
  
[1a] These patches may be used on any patch kit/base level.  
  
[2] IMPORTANT - Please review all README and  
release notes which are related to this patch or an  
official patch kit, prior to installation of this patch.  
  
Additional Considerations:  
  
This patch updates the following component:  
  
/usr/dt/bin/dtlogin  
  
If you believe you have, or aren't sure if you have, previously  
installed a patch to this module you should contact your  
normal Compaq Service channel.  
  
Also, if you need further information, please contact your normal  
Compaq Services support channel.  
  
Compaq appreciates your cooperation and patience. We regret any  
inconvenience applying this information may cause.  
  
As always, Compaq urges you to periodically review your system  
management and security procedures.  
  
Compaq will continue to review and enhance the security  
features of its products and work with customers to maintain and  
improve the security and integrity of their systems.  
  
________________________________________________________  
Copyright (c) Compaq Computer Corporation, 1999 All  
Rights Reserved.  
Unpublished Rights Reserved under the Copyright Laws Of  
The United States.  
________________________________________________________  
  
[ End Compaq Computer Corporation Advisory ]  
  
______________________________________________________________________________  
  
CIAC wishes to acknowledge the Compaq Computer Corporation for the information  
contained in this bulletin.  
______________________________________________________________________________  
  
  
For additional information or assistance, please contact CIAC:  
  
CIAC, the Computer Incident Advisory Capability, is the computer  
security incident response team for the U.S. Department of Energy  
(DOE) and the emergency backup response team for the National  
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore  
National Laboratory in Livermore, California. CIAC is also a founding  
member of FIRST, the Forum of Incident Response and Security Teams, a  
global organization established to foster cooperation and coordination  
among computer security teams worldwide.  
  
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC  
can be contacted at:  
Voice: +1 925-422-8193  
FAX: +1 925-423-8002  
STU-III: +1 925-423-2604  
E-mail: [email protected]  
  
For emergencies and off-hour assistance, DOE, DOE contractor sites,  
and the NIH may contact CIAC 24-hours a day. During off hours (5PM -  
8AM PST), use one of the following methods to contact CIAC:  
  
1. Call the CIAC voice number 925-422-8193 and leave a message, or  
  
2. Call 888-449-8369 to send a Sky Page to the CIAC duty person or  
  
3. Send e-mail to [email protected], or  
  
4. Call 800-201-9288 for the CIAC Project Leader.  
  
Previous CIAC notices, anti-virus software, and other information are  
available from the CIAC Computer Security Archive.  
  
World Wide Web: http://www.ciac.org/  
(or http://ciac.llnl.gov)  
Anonymous FTP: ftp.ciac.org  
(or ciac.llnl.gov)  
Modem access: +1 (925) 423-4753 (28.8K baud)  
+1 (925) 423-3331 (28.8K baud)  
  
CIAC has several self-subscribing mailing lists for electronic  
publications:  
1. CIAC-BULLETIN for Advisories, highest priority - time critical  
information and Bulletins, important computer security information;  
2. SPI-ANNOUNCE for official news about Security Profile Inspector  
(SPI) software updates, new features, distribution and  
availability;  
3. SPI-NOTES, for discussion of problems and solutions regarding the  
use of SPI products.  
  
Our mailing lists are managed by a public domain software package  
called Majordomo, which ignores E-mail header subject lines. To  
subscribe (add yourself) to one of our mailing lists, send the  
following request as the E-mail message body, substituting  
ciac-bulletin, spi-announce OR spi-notes for list-name:  
  
E-mail to [email protected] or [email protected]:  
subscribe list-name  
e.g., subscribe ciac-bulletin  
  
You will receive an acknowledgment email immediately with a confirmation  
that you will need to mail back to the addresses above, as per the  
instructions in the email. This is a partial protection to make sure  
you are really the one who asked to be signed up for the list in question.  
  
If you include the word 'help' in the body of an email to the above address,  
it will also send back an information file on how to subscribe/unsubscribe,  
get past issues of CIAC bulletins via email, etc.  
  
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing  
communities receive CIAC bulletins. If you are not part of these  
communities, please contact your agency's response team to report  
incidents. Your agency's team will coordinate with CIAC. The Forum of  
Incident Response and Security Teams (FIRST) is a world-wide  
organization. A list of FIRST member organizations and their  
constituencies can be obtained via WWW at http://www.first.org/.  
  
This document was prepared as an account of work sponsored by an  
agency of the United States Government. Neither the United States  
Government nor the University of California nor any of their  
employees, makes any warranty, express or implied, or assumes any  
legal liability or responsibility for the accuracy, completeness, or  
usefulness of any information, apparatus, product, or process  
disclosed, or represents that its use would not infringe privately  
owned rights. Reference herein to any specific commercial products,  
process, or service by trade name, trademark, manufacturer, or  
otherwise, does not necessarily constitute or imply its endorsement,  
recommendation or favoring by the United States Government or the  
University of California. The views and opinions of authors expressed  
herein do not necessarily state or reflect those of the United States  
Government or the University of California, and shall not be used for  
advertising or product endorsement purposes.  
  
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)  
  
J-034: Cisco 7xx TCP and HTTP Vulnerabilities  
J-035: Linux Blind TCP Spoofing  
J-036: LDAP Buffer overflow against Microsoft Directory Services  
J-037: W97M.Melissa Word Macro Virus  
J-038: HP-UX Vulnerabilities (hpterm, ftp)  
J-039: HP-UX Vulnerabilities (MC/ServiceGuard & MC/LockManager, DES  
J-040: HP-UX Security Vulnerability in sendmail  
J-041: Cisco IOS(R) Software Input Access List Leakage with NAT  
J-042: Web Security  
J-043: (bulletin in process)  
  
  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: 4.0 Business Edition  
  
iQCVAwUBN2E1nLnzJzdsy3QZAQGZWAP+LLkyHUQVu8iWeoAh8XMUNy+vEl0ysRFI  
iuSI9J+O/gTFwLMPugKeYOvFrLUs1/EPM4YH8zduPQHyMk/+0s2Jz3icj13d3Oc5  
9SRB1vAYtridVzjAU1XwXUj8xzzdyx//8qSygt69tfJm1kEweR70AAXwUhGY2pus  
kZ2eTla3ldU=  
=h3+v  
-----END PGP SIGNATURE-----  
  
`