[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Installation scripts in several SunSoft demo CDs

Title: Installation scripts in several SunSoft demo CDs
Released by: SUN
Date: 28th February 1995
Printable version: Click here
- -----------------------------------------------------------------------------

         SUN MICROSYSTEMS SECURITY BULLETIN: #00132, 28 February 1995

- -----------------------------------------------------------------------------


In this bulletin Sun announces a potential security vulnerability

which can result from interrupting the installation script on several

demo CD's. We describe how to determine if your system is affected,

and how to remove the potential security vulnerability with one or

two simple commands. No patches are needed.

In addition to issuing this bulletin, Sun is sending letters to those

customers known to have received the CD's.

I.   Who is affected and what to do

II.  Understanding the vulnerability

III. Acknowledgments


A.  How to obtain Sun security patches

B.  How to report or inquire about Sun security problems

C.  How to obtain Sun security bulletins

          /\         Send Replies or Inquiries To:

         \\ \        

        \ \\ /       Mark Graff

       / \/ / /      Sun Security Coordinator

      / /   \//\     MS MPK17-103

      \//\   / /     2550 Garcia Avenue

       / / /\ /      Mountain View, CA 94043-1100

        / \\ \       Phone: 415-786-5274

         \ \\        Fax:   415-786-7994

          \/         E-mail: security-alert@Sun.COM



Permission is granted for the redistribution of this Bulletin for

the purpose of alerting Sun customers to problems, as long as the

Bulletin is not edited and is attributed to Sun Microsystems.

Any other use of this information without the express written consent

of Sun Microsystems is prohibited. Sun Microsystems expressly disclaims

all liability for any misuse of this information by any third party.

- -----------------------------------------------------------------------------

         SUN MICROSYSTEMS SECURITY BULLETIN: #00132, 28 February 1995

- -----------------------------------------------------------------------------

I.   Who is affected and what to do

Sun has discovered that installation scripts in several SunSoft demo CD's

contain a flaw which could weaken the security of systems on which the demo

software is installed. We are alerting our customers so that those who

are affected can take appropriate action.

   Date         Title                                   Part #

   ----         -----                                   ------

   Sep-Dec '95  Catalyst CDWARE (Sparc)                 724-1308-03, Rev D

   Jan-Mar '96  Catalyst CDWARE (Sparc)                 724-1308-03, Rev E

   Jan-Mar '96  Catalyst CDWARE (x86)                   724-1433-05, Rev C

   Dec '95      SunSoft Developer CD, Premiere Issue    95459-001

   Jan '96      Business Solutions                      95536-001

You need only be concerned if you:

   * Received one of the listed CD's; and

   * Installed the software on it, using the installation script; and

   * Interrupted the installation script before it could exit normally.

If you did install the software, you should check whether the string

"x-spam-sh" appears in the ".mailcap" file in your home directory,

by issuing a command such as:

        grep x-spam-sh $HOME/.mailcap

If the string appears in the file, use a text editor to delete any lines

which include it, then exit any Web browsers you are currently running.

When you have completed these steps, the potential security weakness is gone.

You can then restart a browser without reopening the vulnerability.

II.  Understanding the vulnerability

The potential security weakness arises only when the installation script is

interrupted, causing it to terminate before undoing a temporary modification

to the ".mailcap" file.

If you were to use a Web browser while the ".mailcap" modification was

in effect, your browser might be caused to execute commands on your system

without your knowledge--if you happened to visit a Web page which exploited

this flaw. (We believe no such sites exist at this time.)

It might also be possible under these circumstances for such hidden

commands to be executed on your behalf as the result of an electronic

mail message. However, all of the  mail programs we have tested would

require your confirmation before executing the commands.

We apologize for any inconvenience this problem may have caused. We have

taken steps to ensure that it will not happen again.

III. Acknowledgments

Sun would like to thank Steve Neruda, of Nationwide Insurance, and

CERT/CC for their assistance.


A.  How to obtain Sun security patches

    1. If you have a support contract

    Customers with Sun support contracts can obtain any patches listed

    in this bulletin (and any other patches--and a list of patches) from:

       - Local Sun answer centers, worldwide

       - SunSITEs worldwide

       - SunSolve Online

    The patches are available via World Wide Web at http://sunsolve1.sun.com. 

    You should also contact your answer center if you have a support

    contract and:

       - You need assistance in installing a patch 

       - You need additional patches

       - You want an existing patch ported to another platform

       - You believe you have encountered a bug in a Sun patch

       - You want to know if a patch exists, or when one will be ready

    2. If you do not have a support contract

    Customers without support contracts may now obtain security patches,

    "recommended" patches, and patch lists via SunSolve Online.


    Sun also makes its security patches available via anonymous ftp, from

    the directory /systems/sun/sun-dist on the system ftp.uu.net.

    However, the ftp.uu.net repository will be discontinued in the near

    future. The availability of security patches via the SunSolve patch

    database has made it redundant.

    Sun does not furnish patches to any external distribution sites

    other than the ones mentioned here.

    3. About the checksums

    Patches announced in a Sun security bulletin are uploaded to the

    ftp.*.net sites just before the bulletin is released, and seldom

    updated.  In contrast, the "supported" patch databases are

    refreshed nightly, and will often contain newer versions of a patch

    incorporating changes which are not security-related.

    So that you can quickly verify the integrity of the patch files

    themselves, we supply checksums for the tar archives in each

    bulletin. The listed checksums should always match those on the

    ftp.*.net systems. (The rare exceptions are listed in the

    "checksums" file there.)

    Normally, the listed checksums will also match the patches on the

    SunSolve database. However, this will not be true if we have

    changed (as we sometimes do) the README file in the patch after the

    bulletin has been released.

    In the future we plan to provide checksum information for the

    individual components of a patch as well as the compressed archive

    file. This will allow customers to determine, if need be, which

    file(s) have been changed since we issued the bulletin containing

    the checksums.

    If you would like assistance in verifying the integrity of a patch

    file please contact this office or your local answer center.

B.  How to report or inquire about Sun security problems

    If you discover a security problem with Sun software or wish to

    inquire about a possible problem, contact one or more of the


       - Your local Sun answer centers

       - Your representative computer security response team, such as CERT 

       - This office. Address postal mail to:

         Sun Security Coordinator

         MS MPK17-103

         2550 Garcia Avenue Mountain

         View, CA 94043-1100

         Phone: 415-786-5274

         Fax:   415-786-7994

         E-mail: security-alert@Sun.COM

     We strongly recommend that you report problems to your local Answer

     Center. In some cases they will accept a report of a security bug

     even if you do not have a support contract. An additional notification

     to the security-alert alias is suggested but should not be used as your

     primary vehicle for reporting a bug.

C.   How to obtain Sun security bulletins

     1. Subscription information

     Sun Security Bulletins are available free of charge as part of

     our Customer Warning System. It is not necessary to have a Sun

     support contract in order to receive them.

     To receive information or to subscribe or unsubscribe from our

     mailing list, send mail to security-alert@sun.com with a subject

     line containing one of the following commands.

        Subject         Information Returned/Action Taken

        -------         ---------------------------------

        HELP            An explanation of how to get information

        LIST            A list of current security topics

        QUERY [topic]   The mail containing the question is relayed to

                        a Security Coordinator for a response.

        REPORT [topic]  The mail containing the text is treated as a

                        security bug report and forwarded to a Security

                        Coordinator for handling. Please note that this

                        channel of communications does not supersede

                        the use of Sun Solution Centers for this

                        purpose.  Note also that we do not recommend

                        that detailed problem descriptions be sent in

                        plain text.

        SEND topic      Summary of the status of selected topic

        SUBSCRIBE       Sender is added to the CWS (Customer

                        Warning System) list.  The subscribe feature

                        requires that the sender include on the subject

                        line the word "cws" and the reply email

                        address.  So the subject line might look like

                        the following:

                                SUBSCRIBE cws graff@sun.com

        UNSUBSCRIBE     Sender is removed from the CWS list.

     Should your email not fit into one of the above subjects, a help

     message will be returned to you.

     Due to the volume of subscription requests we receive, we cannot

     guarantee to acknowledge requests. Please contact this office if

     you wish to verify that your subscription request was received, or

     if you would like your bulletin delivered via postal mail or fax.

     2. Obtaining old bulletins

     Sun Security Bulletins are archived on ftp.uu.net (in the same

     directory as the patches) and on SunSolve. Please try these

     sources first before contacting this office for old bulletins.

(C) 1999-2000 All rights reserved.