[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Solaris DCE Integrated login bug if AFS klog not installed

Title: Solaris DCE Integrated login bug if AFS klog not installed
Released by: TRANSARC
Date: 25th September 1997
Printable version: Click here
Problem: Vulnerability in Transarc DCE Integrated login for sites running

         both AFS and DCE.



I. Description



On systems running Transarc's Solaris DCE integrated login program

(login.dce in place of /bin/login) which have AFS installed but no

AFS klog binary in any of the standard locations, unauthorized users

may gain access to local system resources as any valid user by supplying

a valid username for login, with any arbitrary string as a password.



The vulnerability stems from an incorrect interpretation of the

situation which occurs when an AFS klog binary is not found by

login.dce.



If there is a klog binary in ANY of the following standard locations,

the vulnerability will NOT occur:



        /opt/dcelocal/bin/klog

        /usr/afsws/bin/klog

        /usr/vice/etc/klog



Vulnerable products include Transarc DCE 1.1 for Solaris 2.4 and

Solaris 2.5 in conjunction with any version of AFS.  Systems not

running AFS are not vulnerable to this issue.





II. Impact



Users without accounts on the system may gain unauthorized access to

local resources.  Access to resources controlled by AFS/DCE/DFS is

unaffected, as no network credentials are granted unless a valid

password is supplied.





III. Solution



The following patches are available from Transarc:

        DCE 1.1 for Solaris 2.4:        patch 40 and higher

        DCE 1.1 for Solaris 2.5:        patch 25 and higher



A workaround is possible as well: simply install any program which

produces output on stdout in one of the standard klog locations.

(A "hello, world" program or shell script is sufficient; as long as

it puts something on stdout, it's good enough.  Optimally, install

the actual AFS klog program in one of the above locations.)



Contact Transarc customer support by telephone at 412-281-5852 or

via email (dce-help@transarc.com) for additional information or

questions.





IV.  Other Platform Impact



This vulnerability affects only Transarc products on the Solaris platform.






(C) 1999-2000 All rights reserved.