[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : REVISION NOTICE: New Patch for NeXT NetInfo "_writ

Title: REVISION NOTICE: New Patch for NeXT NetInfo "_writ
Released by: CERT
Date: 21st January 1993
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



CA-93:02a  

Last Revised: September 19,1997

                Attached copyright statement



                

                             CERT Advisory

                              January 21, 1993

    REVISION NOTICE: New Patch for NeXT NetInfo "_writers" Vulnerabilities



- -----------------------------------------------------------------------------



                 *** THIS IS A REVISED CERT ADVISORY ***

                   *** IT CONTAINS NEW INFORMATION ***



The CERT Coordination Center has received updated information from NeXT

Computer, Inc. concerning vulnerabilities in the distributed printing

facility of NeXT computers running all releases of NeXTSTEP software

through NeXTSTEP Release 3.0.  The online patch described in CERT

Advisory CA-93:02 has been replaced with a new patch.  The size and

checksum information in this Advisory have been updated to reflect

the new online patch.



For more information, please contact your authorized support center.  If you

are an authorized support provider, please contact NeXT through your normal

channels.



- -----------------------------------------------------------------------------



I.   Description



     The default NetInfo "_writers" properties are configured to allow

     users to install printers and FAX modems and to export them to the

     network without requiring assistance from the system administrator.

     They also allow a user to configure other parts of the system, such as

     monitor screens, without requiring help from the system administrator.

     Vulnerabilities exist in this facility that could allow users to gain

     unauthorized privileges on the system.





II.  Impact



     In the case of the "/printers" and the "/fax_modems" directories, the

     "_writers" property can permit users to obtain unauthorized root

     access to a system.



     In the "/localconfig/screens" directory, the "_writers" property can

     potentially permit a user to deny normal login access to other users.





III. Solution



     To close the vulnerabilities, remove the "_writers" properties from

     the "/printers", "/fax_modems", and "/localconfig/screens" directories

     in all NetInfo domains on the network, and from all immediate

     subdirectories of all "/printers", "/fax_modems", and

     "/localconfig/screens" directories.  The "_writers" properties may be

     removed using any one of the following three methods:



     A. As root, use the "niutil" command-line utility.  For example, to

        remove the "_writers" property from the "/printers" directory:



          # /usr/bin/niutil -destroyprop . /printers _writers





     B. Alternatively, use the NetInfoManager application: open the

        desired domain, open the appropriate directory, select the

        "_writers" property, choose the "Delete" command [Cmd-r] from

        the "Edit" menu, and save the directory.





     C. To assist system administrators in editing their NetInfo

        domains, a shell script, "writersfix", is available via

        anonymous FTP from next.com (129.18.1.2):



          Filename                                   Size   Checksum

          --------                                   ----   --------

          pub/Misc/Utilities/WritersFix.compressed   5600   25625  6



        After transferring this file using BINARY transfer type,

        double-click on the file.  A "WritersFix" directory will be

        created in your file system, containing the script

        ("writersfix") and some documentation ("WritersFix.rtf").





     Consider removing "_writers" from other NetInfo directories as well

     (for example, "/locations"), noting the following trade-off between

     ease-of-use and security.  By removing the "_writers" properties, the

     network and the computers on the network become more secure, but a

     system administrator's assistance is required where it previously was

     not required.



     Please refer to the NeXTSTEP Network and System Administration manual

     for additional information on "_writers".  Note that the

     subdirectories of the "/users" directory have "_writers_passwd" set to

     the user whose account is described by the directory.  This is

     essential if users are to be able to change their own passwords, and

     this does not compromise system security.



- -----------------------------------------------------------------------------

The CERT Coordination Center wishes to thank Alan Marcum and Eric Larson of

NeXT Computer, Inc. for notifying us about the existence of these

vulnerabilities and for providing appropriate technical information.

- -----------------------------------------------------------------------------



If you believe that your system has been compromised, contact the CERT

Coordination Center or your representative in FIRST (Forum of Incident

Response and Security Teams).



Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),

           on call for emergencies during other hours.



CERT Coordination Center

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890



Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous FTP

from cert.org (192.88.209.5).





- ------------------------------------------------------------------------------



Copyright 1993 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.



CERT is registered in the U.S. Patent and Trademark Office.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Revision History:



September 19,1997  Attached Copyright Statement



-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA/AwUBOBS+21r9kb5qlZHQEQKFUQCgyNNs9iXIvzKCyDHbeBsf+RaljwkAn0bY

dSfapz0T1W/7zLGkKTH//oGQ

=DKis

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.