[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : NeXT rexd, /private/etc, Username me Vulnerabiliti

Title: NeXT rexd, /private/etc, Username me Vulnerabiliti
Released by: CERT
Date: 14th May 1991
Printable version: Click here

Hash: SHA1


Last Revised:  September 18,1997

                Attached copyright statement

                                CERT Advisory

                                 May 14, 1991

            NeXT rexd, /private/etc, Username me Vulnerabilities

- ---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) and

NeXT Computer, Inc. have received information concerning three

vulnerabilities in NeXT computers running various releases (see below)

of NeXTstep software.  For more information, please contact your

authorized support center.  If you are an authorized support provider,

please contact NeXT through your normal channels.

- ---------------------------------------------------------------------------

Problem 1 DESCRIPTION:  By default, rexd(8C) is enabled in NeXTstep

versions 2.0 and 2.1.  (Note that no NeXT software uses rexd.)

Problem 1 IMPACT:  Leaving rexd enabled allows remote users to execute

processes on a NeXT computer.

Problem 1 SOLUTION:  Comment out or remove the rexd line in

/etc/inetd.conf (unless you're using the remote execution facility),

and either restart the computer or cause inetd to re-read it's

configuration file, using:

        kill -HUP 

Problem 2 DESCRIPTION:  The /private/etc directory is shipped with

group write permission enabled in all NeXTstep versions through and

including 2.1.

Problem 2 IMPACT:  Group write permission in /private/etc enables any

user in the "wheel" group to modify files in the /private/etc


Problem 2 SOLUTION:  Turn off group write permission for the

/private/etc directory, using the command:

        chmod g-w /private/etc

or the equivalent operations from the Workspace Manager's Inspector


Problem 3 DESCRIPTION: Username "me" is a member of the "wheel" group

in all NeXTstep versions through and including 2.1.

Problem 3 IMPACT:  Having username "me" in the "wheel" group enables

"me" to use the su(8) command to become root (the user must still know

the root password, however).

Problem 3 SOLUTION:  Unless you have specific reason(s) not to, remove

the user "me" from the wheel group.

- ---------------------------------------------------------------------------

The CERT/CC would like to thank NeXT Computer, Inc. for their response

to this vulnerability.  CERT/CC would also like to thank Fuat Baran

for his technical assistance.

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC

via telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline:

           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,

           on call for emergencies during other hours.

Past advisories and other computer security related information are

available for anonymous ftp from the cert.org (


- ---------------------------------------------------------------------------

Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History

September 18,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.