[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : olaris AFS/DFS Integrated login bug if user is in too many groups

Title: olaris AFS/DFS Integrated login bug if user is in too many groups
Released by: TRANSARC
Date: 17th September 1996
Printable version: Click here
- ----------------------------------------------------------------------



Topic:  Solaris AFS/DFS Integrated login bug if user is in too many

groups

Source: Transarc Corp.

- --------------------------------





Problem: Vulnerability in Transarc DCE Integrated login for sites

running DFS





I. Description



On systems running the DCE Distributed File System (DFS), users placed

in more than NGROUPS_MAX-1 (usually 15) groups in the DCE registry and

in /etc/group will have an incorrect grouplist upon login.



For systems running both AFS and DFS, this limit is reduced to

NGROUPS_MAX-3 (13).



The vulnerability is caused by a change in the setgroups(2) system

call under DFS, which can cause it to fail when passed a large set of

supplementary groups.  Thus, it can cause problems in

non-Transarc-supplied programs which use setgroups(2) if they do not

handle error conditions correctly.



Vulnerable products include Transarc DCE and DFS 1.1 for Solaris 2.4

and Solaris 2.5.  This vulnerability is not present on sites not

running DFS (even if they are running AFS).





II. Impact



Users with accounts on the system may gain unauthorized access to

resources.  Access to resources controlled by DCE/DFS is unaffected,

as the DCE PAC is correct.



Users without accounts on the system cannot take advantage of this

vulnerability.





III. Solution



The following patches are available from Transarc:

        DCE/DFS 1.1 for Solaris 2.4:    patch 22

        DCE/DFS 1.1 for Solaris 2.5:    patch 2





A workaround is possible as well: simply ensure that no user is listed

in more than NGROUPS_MAX-3 groups in /etc/group (including the user's

primary group, which may not appear in /etc/group).  With this

workaround, only the primary group and groups which appear in

/etc/group will appear in the grouplist upon login.



Contact Transarc customer support by telephone at 412-281-5852 or

via email (dfs-help@transarc.com) for additional information or

questions.



IV.  Other Platform Impact



HP has advised that this problem does not affect the HP product.

IBM has advised that this problem does not affect the IBM product.














(C) 1999-2000 All rights reserved.