slouder@note.nsf.gov (Steve Loudermilk) (01/31/89)
Reply-to: slouder@note.nsf.gov (Steve Loudermilk)

Hi,

On 22 Dec 88, a notice was posted on this bulletin board by a Mr. Ning Zhang in Germany announcing he had discovered a "very dangerous security hole in UNIX". He said he had drafted a report on it.

I was of the opinion that much more would be forthcoming if there really was such a problem. Nothing else has been posted concerning this. And I have seen nothing on other BBs which are linked to this message. I was ready to write it off as a false alarm. However, others in my office, and rightly so, have urged me to "close the loop" and find out for sure.

Is there really a big problem? Is it the same as ftp, finger, or sendmail problems which have been handled so well by others in the internet community?

Excuse me if I have missed something here, but I believe such an announcement deserves a followup explanation.

Thanks,

----------------------------------------------------------------------
Steve Loudermilk                        Internet: slouder@note.nsf.gov
Integrated Microcomputer Systems Inc.   Phonenet: (202) 357-9648
----------------------------------------------------------------------

aem@ibiza.miami.edu (a.e.mossberg) (02/04/89)
Reply-to: aem@ibiza.miami.edu (a.e.mossberg)

I got the report, and yes, it is a serious security hole. I was able to replicate it on both Ultrix 2.2 and Ultrix 3.0 (i.e. go into superuser mode from a non-priv account).

It has been discussed on the security mailing list. I suggest that you check the security archives for details, or write me via email.

aem

a.e.mossberg aem@mthvax.miami.edu MIAVAX::AEM (Span) aem@umiami.BITNET (soon)
Love of money is the mother of all evils. - Diogenes

zhang@zgdvda.UUCP (Ning Zhang) (02/04/89)
Reply-to: zhang@zgdvda.UUCP (Ning Zhang)

In article <81555@felix.UUCP>, slouder@note.nsf.gov (Steve Loudermilk) writes:
> Reply-to: slouder@note.nsf.gov (Steve Loudermilk)
> ...had drafted a report on it.

Yes. I've posted it (and some latest bugs) to UCB, DEC, SUN, Cert,...

> I was of the opinion that much more would be forthcoming if there
> really was such a problem.

Do you mean that I should post the bug reports in this open bulletin? No, it's much more dangerous, because they contained the step-by-step break-in methods to exploit such bugs. I should be very very careful to deliver them. I just got a complaint about the abuse of my report and I'm surprised!

> Nothing else has been posted concerning this. And I have seen nothing
> on other BBs which are linked to this message.

Originally, I planned to post the announcement to news.sysadmin, news.admin, and comp.unix.ultrix,... but most of them are moderated. I only have seen my posting in comp.unix.ultrix.

> I was ready to write it off as a false alarm.

Please not...:-)

> However, others in my office, and rightly so, have urged me to "close the
> loop" and find out for sure.

If you're really aware of the security problems, why don't you take part in some security lists? There're many discussions about the recent discoveries of security problems.

> Is there really a big problem?

Yes, they're quite serious. But many vendors have shipped patches to fix them.

> Is it the same as ftp, finger, or sendmail problems which have been handled
> so well by others in the internet community?

Of course not.

Hope the above info is enough. Please ask your vendors for fixes. I won't deliver the bug reports again!

----
Ning Zhang     relay.cs.net!uka!unido!zgdvda!zhang |Giving a man a fish    \\\| An Old
Computer Graphics Center (ZGDV)                    |Feed him for one day    \\| Chinese
Wilhelminenstr.7, 6100 Darmstadt, West Germany     |Teaching a man to fish   | Proverb
Permanent Addr:Inst.of AI,Zhejiang Univ. China     |Serve him forever and a day ||||

wswietse@eutrc3.UUCP (Wietse Venema) (03/07/89)
Reply-to: wswietse@eutrc3.UUCP (Wietse Venema)

In article <81555@felix.UUCP> slouder@note.nsf.gov (Steve Loudermilk) writes:
|Reply-to: slouder@note.nsf.gov (Steve Loudermilk)
|
|Hi,
|
|On 22 Dec 88, a notice was posted on this bulletin board by a
|Mr. Ning Zhang in Germany announcing he had discovered a "very
|dangerous security hole in UNIX". He said he had drafted a report
|on it.
|
|I was of the opinion that much more would be forthcoming if there
|really was such a problem. Nothing else has been posted concerning
|this. And I have seen nothing on other BBs which are linked to this
|message. I was ready to write it off as a false alarm. However, others
|in my office, and rightly so, have urged me to "close the loop" and
|find out for sure.
|
|Is there really a big problem? Is it the same as ftp, finger,
|or sendmail problems which have been handled so well by others in the
|internet community?
|
|Excuse me if I have missed something here, but I believe such an
|announcement deserves a followup explanation.
|
|Thanks,
|
|----------------------------------------------------------------------
|Steve Loudermilk                        Internet: slouder@note.nsf.gov
|Integrated Microcomputer Systems Inc.   Phonenet: (202) 357-9648
|----------------------------------------------------------------------

The problem is real and has been found on several BSD-like UNIX versions (Ultrix, Alliant, Sun). It occurs when the finger field of a passwd file entry becomes longer than the internal buffers used by programs such as chsh(1).

--
uucp:   wswietse@eutrc3.UUCP     | Eindhoven University of Technology
bitnet: wswietse@heithe5.BITNET  | Dept. of Mathematics and Computing Science
surf:   tuerc5::wswietse         | Eindhoven, The Netherlands.

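The condition described in the post above, seen from the fixing side: an added example (not code from the thread, from chsh(1), or from any vendor patch) that copies the finger (gecos) field of a passwd-format line into a fixed buffer only when it fits, and rejects the entry otherwise. GECOS_MAX, the function names and the sample entry are assumptions made for illustration; the thread does not state the real buffer size.

```c
#include <stdio.h>
#include <string.h>
/* Assumed buffer size, for illustration only; the thread gives no figure. */
#define GECOS_MAX 128

/* Find 0-based field `idx` of a colon-separated passwd line.
 * Returns its start and stores its length in *len, or NULL if absent. */
static const char *passwd_field(const char *line, int idx, size_t *len)
{
    const char *p = line;
    while (idx-- > 0) {
        p = strchr(p, ':');
        if (p == NULL)
            return NULL;
        p++;                       /* step past the separator */
    }
    *len = strcspn(p, ":\n");
    return p;
}

/* Copy the finger (gecos) field, field 4, into dst.
 * Returns 0 on success, -1 for a malformed line, -2 if the field does not
 * fit. On failure dst holds the empty string, never a partial copy. */
int copy_gecos(const char *line, char *dst, size_t dstsz)
{
    size_t len;
    const char *f;
    if (dstsz == 0)
        return -1;
    dst[0] = '\0';
    f = passwd_field(line, 4, &len);
    if (f == NULL)
        return -1;
    if (len >= dstsz)              /* need room for the field plus NUL */
        return -2;
    memcpy(dst, f, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample entry, not taken from any real system. */
    const char *ok = "alice:*:101:20:Alice Example,Rm 12,555-0100:/u/alice:/bin/csh\n";
    char buf[GECOS_MAX];
    int rc = copy_gecos(ok, buf, sizeof buf);
    printf("rc=%d gecos=\"%s\"\n", rc, buf);
    return 0;
}
```

The length test runs before any byte is written, so an oversized field is refused outright rather than truncated or allowed to run past the end of the buffer.
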
wdg@unccvax.UUCP (Doug Gullett) (03/07/89)
Reply-to: wdg@unccvax.UUCP (Doug Gullett)

Hello

I'm the Sys Admin (and everything else too) for Ultrix and Sun OS machines here at the University of NC at Charlotte. Please send me any information that I need to 'fix' this security hole.

Currently we are running Ultrix 2.0 and 2.2 (a long story) and hope to soon load 3.0 on most of our machines. We do have source for 2.0 and are working with DEC on 3.0 source.

thanks,
Doug Gullett (wdg)

avolio@decuac.dec.com (Frederick M. Avolio) (03/22/89)
Reply-to: avolio@decuac.dec.com (Frederick M. Avolio)

This is certainly NOT an official suggestion from Digital. Speaking as a user I seem to remember a release note or something that indicated this (with V3.0) and the suggestion 1) to change the modes on chfn and chsh to 700 and 2) that it would be fixed in the maintenance release (3.1?).

Fred