[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Next vulnerability

Title: Next vulnerability
Released by: CERT
Date: 17th September 1990
Printable version: Click here

Hash: SHA1


Last Revised: September 17,1997

                Attached Copyright statement

This message is an update of the October 2, 1990 CERT Advisory (CA-90:06).

There is one correction and an update that you need to know about.

For Problem #2 SOLUTION, the following line has been added:

  # /etc/chmod 440 /usr/lib/NextPrinter/npd.old

This will disable the old printer program.  An updated copy of the CERT

Advisory has been included with this message.

NeXT is also making the new printer program, npd, available electronically

via anonymous ftp for Internet sites.  The archives sites are:




In addition, NeXT has asked the CERT to announce that if anyone cannot get

it from the archives, NeXT Technical Support can provide it. Requests should

go to:

        ask_next@NeXT.COM [...!next!ask_next]


Computer Emergency Response Team

- ------------------------------------------------------------------------------

CA-90:06a                      CERT Advisory

                              October 3, 1990

                          NeXT's System Software

- -----------------------------------------------------------------------------

This message is to alert administrators of NeXT Computers of four

potentially serious security problems.

The information contained in this message has been provided by David Besemer,

NeXT Computer, Inc.  The following describes the four security problems,

NeXT's recommended solutions and the known system impact.

- ------------------------------------------------------------------------------

  Problem #1 DESCRIPTION:  On Release 1.0 and 1.0a a script exists in

  /usr/etc/restore0.9 that is a setuid shell script.  The existence of  

  this script is a potential security problem.

  Problem #1 IMPACT:  The script is only needed during the installation

  process and isn't needed for normal usage.  It is possible for any

  logged in user to gain root access.

  Problem #1 SOLUTION:  NeXT owners running Release 1.0 or 1.0a should  

  remove /usr/etc/restore0.9 from all disks.  This file is installed by  

  the "BuildDisk" application, so it should be removed from all systems  

  built with the standard release disk, as well as from the standard  

  release disk itself (which will prevent the file from being installed  

  on system built with the standard release disk in the future).  You  

  must be root to remove this script, and the command that will remove  

  the script is the following:

  # /bin/rm /usr/etc/restore0.9


  Problem #2 DESCRIPTION:  On NeXT computers running Release 1.0 or

  1.0a that also have publicly accessible printers, users can gain

  extra permissions via a combination of bugs.


  Problem #2 IMPACT:  Computer intruders are able to exploit this security

  problem to gain access to the system.  Intruders, local users and remote

  users are able to gain root access.

  Problem #2 SOLUTION:  NeXT computer owners running Release 1.0 or  

  1.0a should do two things to fix a potential security problem.   

  First, the binary /usr/lib/NextPrinter/npd must be replaced with a  

  more secure version.  This more secure version of npd is available  

  through your NeXT support center.  Upon receiving a copy of the more  

  secure npd, you must become root and install it in place of the old  

  one in /usr/lib/NextPrinter/npd.  The new npd binary needs to be  

  installed with the same permission bits (6755) and owner (root) as  

  the old npd binary.  The commands to install the new npd binary are  

  the following:


  # /bin/mv /usr/lib/NextPrinter/npd /usr/lib/NextPrinter/npd.old

  # /bin/mv newnpd /usr/lib/NextPrinter/npd

          (In the above command, "newnpd" is the npd binary

          that you obtained from your NeXT support center.)

  # /etc/chown root /usr/lib/NextPrinter/npd

  # /etc/chmod 6755 /usr/lib/NextPrinter/npd

  # /etc/chmod 440 /usr/lib/NextPrinter/npd.old


  The second half of the fix to this potential problem is to change the  

  permissions of directories on the system that are currently owned and  

  able to be written by group "wheel".  The command that will remove  

  write permission for directories owned and writable by group "wheel"  

  is below.  This command is all one line, and should be run as root.


  # find / -group wheel ! -type l -perm -20 ! -perm -2 -ls -exec chmod  

  g-w {} \; -o -fstype nfs -prune


  Problem #3 DESCRIPTION:  On NeXT computers running any release of the

  system software,  public access to the window server may be a

  potential security problem.

  The default in Release 1.0 or 1.0a is correctly set so that public access

  to the window server is not available.  It is possible, when upgrading from

  a prior release, that the old configuration files will be reused.  These

  old configuration files could possibly enable public access to the window


  Problem #3 IMPACT:  This security problem will enable an intruder to gain

  access to the system.

  Problem #3 SOLUTION:  If public access isn't needed, it should be disabled.

  1. Launch the Preferences application, which is located in /NextApps

  2. Select the UNIX panel by pressing the button with the UNIX

     certificate on it.

  3. If the box next to Public Window Server contains a check, click on

     the box to remove the check.


  Problem #4 DESCRIPTION: On NeXT computers running any release of the

  system software, the "BuildDisk" application is executable by all users.

  Problem #4 IMPACT:  Allows a user to gain root access.

  Problem #4 SOLUTION: Change the permissions on the "BuildDisk" application

  allowing only root to execute it.  This can be accomplished with the


  # chmod 4700 /NextApps/BuildDisk

  To remove "BuildDisk" from the default icon dock for new users, do the


  1. Create a new user account using the UserManager application.

  2. Log into the machine as that new user.

  3. Remove the BuildDisk application from the Application Dock by dragging

     it out.

  4. Log out of the new account and log back in as root.

  5. Copy the file in ~newuser/.NeXT/.dock to /usr/template/user/.NeXT/.dock

        (where ~newuser is the home directory of the new user account)

  6. Set the protections appropriately using the following command:

        # chmod 555 /usr/template/user/.NeXT/.dock

  7. If you wish, with UserManager, remove the user account that you created

     in step 1.

  In release 2.0, the BuildDisk application will prompt for the root password

  if it is run by a normal user.

- -----------------------------------------------------------------------------



For further questions, please contact your NeXT support center.

NeXT has also reported that these potential problems have been fixed in

NeXT's Release 2.0, which will be available in November, 1990.

Thanks to Corey Satten and Scott Dickson for discovering, documenting, and

helping resolve these problems.

- -----------------------------------------------------------------------------

Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline: CERT personnel answer

           7:30a.m.-6:00p.m. EST, on call for

           emergencies other hours.

Past advisories and other information are available for anonymous ftp

from cert.org (

- ---------------------------------------------------------------------------

Copyright 1990 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History

September 17,1997 Attached Copyright statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.