[comp.security.announce] CERT Advisory - System V /bin/login

cert-advisory-request@CERT.SEI.CMU.EDU (CERT Advisory) (05/23/91)

---------------------------------------------------------------------------
CA-91:08                        CERT Advisory
                                 May 23, 1991
               AT&T System V Release 4 /bin/login Vulnerability

---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a security vulnerability in AT&T's UNIX(r)
System V Release 4 operating system.  AT&T is providing a software upgrade 
for Release 4 operating system vendors and a patch for AT&T Computer Systems
customers.  AT&T has also provided a suggested fix for all Release 4
based systems.
  
---------------------------------------------------------------------------
I.   DESCRIPTION:

     A security vulnerability exists in /bin/login in AT&T's System V
     Release 4 operating system.


II.  IMPACT:

     System users can gain unauthorized privileges.


III. SOLUTION:
    
     A.  AT&T Computer Systems customers

         Log into the root account.  Change the execution permission on
         the file /bin/login.

         	chmod 500 /bin/login

         Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.
         The numbers associated with the fix are 156 (3.5" media) and
         157 (5.25" media).

         International customers should contact their local AT&T 
         Computer Systems representative.

     B.  All other System V Release 4 based systems

         Log into the root account.  Change the execution permission on
         the file /bin/login.

                chmod 500 /bin/login

         Release 4 customers should contact their operating system
         supplier for details on the availability of the software
         update.

---------------------------------------------------------------------------
The CERT/CC would like to thank AT&T for their timely response to our
report of this vulnerability.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline:
           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
           on call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system.