From POP2-Server@csmes Fri May  6 09:17:28 1994
Received: from csrc.ncsl.nist.gov (CSRC.NCSL.NIST.GOV [129.6.54.11]) by csmes.ncsl.nist.gov (8.6.4/8.6.4) with SMTP id WAA04886; Thu, 5 May 1994 22:38:33 -0400
Received: from localhost (root@localhost) by csrc.ncsl.nist.gov (8.6.4/8.6.4) id WAA05296 for xfirst-teams; Thu, 5 May 1994 22:35:56 -0400
Received: from mot.ncsl.nist.gov (MOT.NCSL.NIST.GOV [129.6.54.38]) by csrc.ncsl.nist.gov (8.6.4/8.6.4) with ESMTP id WAA05291 for <first-teams@first.org>; Thu, 5 May 1994 22:35:55 -0400
Received: from localhost (uucp@localhost) by mot.ncsl.nist.gov (8.6.4/8.6.4) id WAA00746 for <first-teams@first.org>; Thu, 5 May 1994 22:16:42 -0400
Received: from nssdca.gsfc.nasa.gov(128.183.36.23) by mot via smap (V1.3mjr)
	id sma000742; Thu May  5 22:16:40 1994
Date: Thu, 5 May 1994 22:37:14 -0400 (EDT)
From: Ron Tencati +1-301-441-4081 <TENCATI@NSSDCA.GSFC.NASA.GOV>
To: first-teams@first.org
CC: TENCATI@NSSDCA.GSFC.NASA.GOV
Message-Id: <940505223714.21400578@NSSDCA.GSFC.NASA.GOV>
Subject: NASIRC Bulletin 94-16: Automountd Security Problem under Solaris
Organization: FIRST, the Forum of Incident Response & Security Teams
Sub-Organization: FIRST Secretariat
Sender: first-request@csrc.ncsl.nist.gov
Reply-To: Ron Tencati +1-301-441-4081 <TENCATI@NSSDCA.GSFC.NASA.GOV>
X-Sequence: first-teams.0336
Content-Length:       4657
Status: O 

The following bulletin was released to the NASA community by NASIRC:

  NASIRC BULLETIN #94-16                                          May 5, 1994

                Automountd security problem in Solaris 2.3
         ===========================================================
               __    __      __      ___   ___  ____     ____  
              /_/\  /_/|    /_/     / _/\ /_/| / __/ \  / __/\ 
              | |\ \| ||   /  \ \   | /\/ | || | /\ \/  | | \/ 
              | ||\ \ ||  / /\ \ \   \ \  | || |_\/ /\  | |    
              | || \ \|| / /--\ \ \ /\_\\ | || | |\ \ \ | \_/\ 
              |_|/  \_|//_/    \_\/ \/__/ |_|/ |_| \_\/ \___\/ 
             NASA Automated Systems Incident Response Capability
         ===========================================================

    NASIRC recently received  information about a  security vulnerability
    in the "automountd" daemon under the Solaris 2.3 operating system.

    SYSTEMS AFFECTED:

    All systems running Solaris 2.3 are vulnerable; no other systems are
    affected by this vulnerability.  (No instances of this vulnerability
    being exploited have been recorded to date.)

    THE PROBLEM:

    Any user with an account on an unpatched Solaris 2.3 system can gain
    root access to that system.

    THE FIX:

    This vulnerability can be patched  by installing the executable con-
    tained in "automountd"  (Sun Patch 101329-15),  or by installing the
    patch in its entirety. The patch is available via anonymous FTP from
    nasirc.nasa.gov as follows:

    -- The entire Sun NIS+ Jumbo patch:
       ~/toolkits/Sun_Patches/101329-15.tar.Z

    -- The automountd *executable* (alone) from the Jumbo Patch:
       ~/toolkits/Sun_Patches/101329-15.automountd


    CHECKSUMS:

     File                  BSD        MD5
     Name                  Checksum   Digital Signature
     ---------------       ---------  --------------------------------
     101329-15.tar.Z       55492 843  19AA042484727A5DE9CB21199858071A
     101329-15.automountd  28991  59  F1B47A73C86C8B32D50EA7A4DBA9A8B5


   NASIRC will continue to monitor this situation and will post additional
   information should it become necessary. If you have any questions about
   this bulletin, please contact NASIRC via any of the venues below.

     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     NASIRC ACKNOWLEDGES: Mark Graff of Sun Microsytems for forwarding
     this information in a rapid and timely manner.
     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

       ===============================================================
         For further assistance, please contact the NASIRC Helpdesk:
            Phone: 1-800-7-NASIRC             Fax: 1-301-441-1853
                       Internet Email: nasirc@nasa.gov
             24 Hour/Emergency Pager: 1-800-759-7243/Pin:2023056
                           STU III: 1-301-982-5480
       ===============================================================
       This bulletin may be forwarded without restriction to sites and 
              system administrators within the NASA community.
 
       The NASIRC online archive system is available via anonymous ftp.
       You will be required to enter  your valid e-mail address as the
       "password".   Once on the system,  you can access the following
       information:

           ~/bulletins          ! contains NASIRC bulletins
           ~/information        ! contains various informational files
           ~/toolkits           ! contains automated toolkit software
        
       The contents  of these  directories is  updated on  a continuous
       basis with relevant software and information; contact the NASIRC 
       Helpdesk for more information or assistance.
 
                              -----------------
 
     PLEASE NOTE: Users outside of the NASA community  may receive NASIRC
     bulletins. If you are not part of the NASA community, please contact
     your agency's response team to report incidents.  Your agency's team
     will coordinate  with NASIRC,  who will  ensure the  proper internal
     NASA team(s)  are notified.   NASIRC is  a member  of  the  Forum of
     Incident Response and Security Teams (FIRST), a world-wide organiza-
     tion which provides for coordination between incident response teams
     in handling computer-security-related issues.  You can obtain a list
     of FIRST  member organizations  and their  constituencies by sending
     email to   docserver@first.org   with an empty  "subject" line and a
     message body containing the line "send first-contacts".