[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : SCO Home Directory Vulnerability

Title: SCO Home Directory Vulnerability
Released by: CERT
Date: 17th September 1993
Printable version: Click here

Hash: SHA1



LAst revised: September 19,1997

                Attached copyright statement


                                CERT Advisory

                               September 17, 1993

                        SCO Home Directory Vulnerability

- -----------------------------------------------------------------------------

The CERT Coordination Center has received information indicating that SCO

Operating Systems may be vulnerable to a potential compromise of system

security.  This vulnerability allows unauthorized access to the "dos" and

"asg" accounts, and, as a result of this access, unauthorized access to 

the "root" account may also occur.

The following releases of SCO products are affected by this vulnerability:

     SCO UNIX System V/386 Release 3.2 Operating System

     SCO UNIX System V/386 Release 3.2 Operating System Version 2.0

     SCO UNIX System V/386 Release 3.2 Operating System version 4.x

     SCO UNIX System V/386 Release 3.2 Operating System Version 4.0 with

         Maintenance Supplement Version 4.1 and/or Version 4.2

     SCO Network Bundle Release 4.x

     SCO Open Desktop Release 1.x

     SCO Open Desktop Release 2.0

     SCO Open Desktop Lite Release 3.0

     SCO Open Desktop Release 3.0

     SCO Open Server Network System Release 3.0

     SCO Open Server Enterprise System Release 3.0

CERT and The Santa Cruz Operation recommend that all sites using these SCO

products take action to eliminate the source of vulnerability from their

systems.  This problem will be corrected in upcoming releases of SCO

operating systems. 

- -----------------------------------------------------------------------------

I.   Description

     The home directories of the users "dos" and "asg" are /tmp and

     /usr/tmp respectively. These directories are designed to have 

     global write permission. 

II.  Impact

     This vulnerability may allow unauthorized users to gain access to 

     these accounts. This vulnerability may also corrupt certain binaries 

     in the system and thus prevent regular users from running them, as well 

     as introduce a potential for unauthorized root access.

III. Solution

     All affected sites should follow these instructions:

     1. Log onto the system as "root"

     2. Choose the following sequence of menu selections from

        the System Administration Shell, which is invoked by

        typing "sysadmsh"

        a. Accounts-->User-->Examine-->

           [select the "dos" account] -->Identity

           -->Home directory-->Create-->Path-->

           [change it to /usr/dos instead of /tmp]--> confirm

        b. Accounts-->User-->Examine-->

           [select the "asg" account] -->Identity

           -->Home directory-->Create-->Path-->

           [change it to /usr/asg instead of /usr/tmp]--> confirm

     3. If DOS binaries have been modified, or sites are unable to 

        determine if modification has occurred, we strongly recommend 

        removing and reinstalling the DOS package of the Operating System 

        Extended Utilities.  This can be done using custom(ADM).

        Sites may also want to check their systems for signs of further

        compromise. This can be facilitated through the use of programs

        such as COPS. Other security advice and suggestions can be found

        in CERT's security checklist. This checklist may be obtained 

        through anonymous FTP from cert.org in pub/tech_tips/security_info.

        Note: COPS may be obtained from many sites, including via 

        anonymous FTP from cert.org in the pub/tools directory.

If you have further questions about this issue, please contact SCO Support 

and ask for more information concerning this CERT advisory, CA-93:13, "SCO 

Home Directory Vulnerability."

        Electronic mail: support@sco.COM

        USA/Canada: 6am-5pm Pacific Daylight Time (PDT)


        1-800-347-4381  (voice)

        1-408-427-5443  (fax)

        Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific

        ------------------------------------------------ Daylight Time 


        1-408-425-4726  (voice)

        1-408-427-5443  (fax)

        Europe, Middle East, Africa: 9am-5:30pm British Standard Time (BST)


        +44 (0)923 816344 (voice)

        +44 (0)923 817781 (fax)

- ---------------------------------------------------------------------------

The CERT Coordination Center wishes to thank Christopher Durham of the Santa

Cruz Operation for reporting this problem and his assistance in responding to

this problem.

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT

Coordination Center or your representative in Forum of Incident

Response and Security Teams (FIRST).

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),

           and are on call for emergencies during other hours.

CERT Coordination Center

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous FTP

from cert.org (

- ------------------------------------------------------------------------------

Copyright 1993 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History:

September 19,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.