||Home : Advisories : Solaris DCE Integrated login bug if AFS klog not installed|
||Solaris DCE Integrated login bug if AFS klog not installed
||25th September 1997
Problem: Vulnerability in Transarc DCE Integrated login for sites running
both AFS and DCE.
On systems running Transarc's Solaris DCE integrated login program
(login.dce in place of /bin/login) which have AFS installed but no
AFS klog binary in any of the standard locations, unauthorized users
may gain access to local system resources as any valid user by supplying
a valid username for login, with any arbitrary string as a password.
The vulnerability stems from an incorrect interpretation of the
situation which occurs when an AFS klog binary is not found by
If there is a klog binary in ANY of the following standard locations,
the vulnerability will NOT occur:
Vulnerable products include Transarc DCE 1.1 for Solaris 2.4 and
Solaris 2.5 in conjunction with any version of AFS. Systems not
running AFS are not vulnerable to this issue.
Users without accounts on the system may gain unauthorized access to
local resources. Access to resources controlled by AFS/DCE/DFS is
unaffected, as no network credentials are granted unless a valid
password is supplied.
The following patches are available from Transarc:
DCE 1.1 for Solaris 2.4: patch 40 and higher
DCE 1.1 for Solaris 2.5: patch 25 and higher
A workaround is possible as well: simply install any program which
produces output on stdout in one of the standard klog locations.
(A "hello, world" program or shell script is sufficient; as long as
it puts something on stdout, it's good enough. Optimally, install
the actual AFS klog program in one of the above locations.)
Contact Transarc customer support by telephone at 412-281-5852 or
via email (email@example.com) for additional information or
IV. Other Platform Impact
This vulnerability affects only Transarc products on the Solaris platform.