[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : SunOS NIS Vulnerability

Title: SunOS NIS Vulnerability
Released by: CERT
Date: 4th June 1992
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



===========================================================================

CA-92:13  

Last Revised:  September 19,1997

                Attached copyright statement



                             CERT Advisory

                               June 4, 1992

                          SunOS NIS Vulnerability

- ---------------------------------------------------------------------------



The Computer Emergency Response Team/Coordination Center (CERT/CC) has

received information concerning several vulnerabilities with NIS under

Sun Microsystems, Inc. SunOS.  These vulnerabilities exist in NIS under

SunOS 4.1, 4.1.1, and 4.1.2, and may or may not exist in earlier versions

of NIS.



Sun has provided fixes for SunOS 4.1, 4.1.1, and 4.1.2 for these

vulnerabilities.  The patch file containing these fixes is available

through your local Sun Answer Center and through anonymous ftp from

ftp.uu.net (137.39.1.9) in the /systems/sun/sun-dist directory.  Note

that these fixes will probably not be compatible with SunOS 4.0.3 and

earlier versions of the operating system.



Fix                              PatchID      Filename            Checksum

/usr/etc/{ypserv,ypxfrd,portmap} 100482-2     100482-02.tar.Z     53416   284



Please note that Sun will occasionally update patch files.  If you

find that the checksum is different, please contact Sun or the CERT/CC

for verification.



- ---------------------------------------------------------------------------



I.   Description



     A security vulnerability exists under NIS allowing unauthorized access

     to NIS information.



II.  Impact



     A user on a remote host can obtain copies of the NIS maps from a

     system running NIS.  The remote user can attempt to guess passwords

     for the system using the obtained NIS password map information.



III. Solution



     A.  Obtain and install the patch from Sun or from ftp.uu.net following

         the instructions provided in the "README" file.  



         1.  As root, rename the existing versions of

             /usr/etc/{ypserv,ypxfrd,portmap} and modify the

             permissions to prevent misuse.



             # mv /usr/etc/ypserv /usr/etc/ypserv.orig

             # mv /usr/etc/ypxfrd /usr/etc/ypxfrd.orig

             # mv /usr/etc/portmap /usr/etc/portmap.orig

             # chmod 0400 /usr/etc/ypserv.orig 

             # chmod 0400 /usr/etc/ypxfrd.orig

             # chmod 0400 /usr/etc/portmap.orig



         2.  Copy the new binaries into the /usr/etc directory.



             # cp `arch`/{4.1, 4.1.1, 4.1.2}/ypserv /usr/etc/ypserv

             # cp `arch`/{4.1, 4.1.1, 4.1.2}/ypxfrd /usr/etc/ypxfrd

             # cp `arch`/{4.1, 4.1.1, 4.1.2}/portmap /usr/etc/portmap

             # chown root /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap

             # chmod 755 /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap



         3.  Copy the securenets file to the /var/yp directory.  Any

             site that has an existing /var/yp/securenets file should 

             rename it prior copying the new version of the file.



             # cp `arch`/{4.1, 4.1.1, 4.1.2}/securenets /var/yp

             # chown root /var/yp/securenets

             # chmod 644 /var/yp/securenets



         4.  Edit the /var/yp/securenets file to reflect the correct

             configuration for your site.  See the "README" file for

             details of the file syntax and special instructions for

             hosts with multiple Ethernet interfaces.  The file should

             not contain any blank lines.

 

         5.  Reboot the system to invoke the new binaries.



- ---------------------------------------------------------------------------

The CERT/CC would like to thank Casper Dik of the University of Amsterdam,

The Netherlands, and Peter Lamb of the Division of Information Technology,

Commonwealth Scientific and Industrial Research Organization, Australia,

for their assistance.  We also wish to thank Sun Microsystems, Inc. for

their response to this vulnerability.

- ---------------------------------------------------------------------------



If you believe that your system has been compromised, contact CERT/CC or

your representative in FIRST (Forum of Incident Response and Security Teams).



Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),

           on call for emergencies during other hours.



Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890



Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous ftp

from cert.org (192.88.209.5).



- ------------------------------------------------------------------------------



Copyright 1992 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.



CERT is registered in the U.S. Patent and Trademark Office.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Revision History:



September 19,1997  Attached Copyright Statement



-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA+AwUBOBS+k1r9kb5qlZHQEQIpGACggPIeCp8M1if9+uCAtkQx3sZQoewAlAgi

KwjDCzBf/rLsPN0wIdOeoEg=

=kbNm

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.