[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OSF1 :rmtmpfiles & /sbin/it security vulnerability



There is a vulnerability in the /sbin/init.d/rmtmpfiles utility of
DEC/Compaq Tru64 UNIX, at least in versions V4.0D to V5.1 (probably all V4
and V5 versions, maybe even V3 and older). The vulnerability may be
exploited to gain root access.

To protect your machine, move the offending utility out of the way (so it
will not normally be used), e.g. with

  mv -i /sbin/init.d/rmtmpfiles /sbin/init.d/rmtmpfiles.BLOCKED

More details (a better fix, possibly a working exploit) may be posted in a
week or so to the BugTraq mailing list (see http://www.securityfocus.com/).


Some history:

Mon 27 Nov 00   Notified rich.boren@compaq.com (including full exploit)
Mon 27 Nov 00   Received acknowledgement, promises "to update you ... by mid
                week (29th or 30th)"
Mon  4 Dec 00   After prompting on 30 Nov, says "engineering ... have not
                had the chance to get through with their review/analysis"
Tue 12 Dec 00   Workaround posted to tru64-unix-managers, comp.unix.tru64
                and comp.security.unix (cc rich.boren@compaq.com)


*************************************************************************

Subject: Paul Szabo: DEC/Compaq /sbin/it: security vulnerability


There is a vulnerability in the /sbin/it utility of DEC/Compaq Tru64 UNIX,
at least in versions V4.0D to V5.1 (probably all V4 and V5 versions, maybe
even V3 and older). The vulnerability may be exploited to gain root access.

To protect your machine, change the /etc/inittab file and disable /sbin/it.
You may remove the line, or place a '#' character at the beginning to leave
it something like

# it:23:wait:/sbin/it < /dev/console > /dev/console 2>&1

More details (possibly including a working exploit) may be posted in a week
or so to the BugTraq mailing list (see http://www.securityfocus.com/).


Some history:

Sun 26 Nov 00   Notified rich.boren@compaq.com (including full exploit)
Mon 27 Nov 00   Received acknowledgement, promises "to update you ... by mid
                week (29th or 30th)"
Mon  4 Dec 00   After prompting on 30 Nov, says "engineering ... have not
                had the chance to get through with their review/analysis"
Tue 12 Dec 00   Workaround posted to tru64-unix-managers, comp.unix.tru64
                and comp.security.unix (cc rich.boren@compaq.com)

- -- 
Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

------- End of Forwarded Message