copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » ESB-97.123 -- CERT VB-97.08 -- Vulnerability in Tran...
 

ESB-97.123 -- CERT VB-97.08 -- Vulnerability in Transarc DCE Integrated login for sites running both AFS and DCE
Date: 26 September 1997

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----


===========================================================================
              AUSCERT External Security Bulletin Redistribution

                             
                      ESB-97.123 -- CERT VB-97.08  
          Vulnerability in Transarc DCE Integrated login for sites 
			  running both AFS and DCE

                             26 September 1997

===========================================================================

The CERT Coordination Centre has released the following advisory concerning
a vulnerability in Transarc DCE Integrated login for sites running both
AFS and DCE.  This vulnerability may allow users without accounts on the
system to gain unauthorized access to local resources.

The following security bulletin is provided as a service to AUSCERT's
members.  As AUSCERT did not write this document, AUSCERT has had no
control over its content.  As such, the decision to use any or all of this
information is the responsibility of each user or organisation, and should
be done so in accordance with site policies and procedures.

Contact information for CERT/CC is included in the Security Bulletin below.
If you have any questions or need further information, please contact them
directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/information/advisories.html

If you believe that your system has been compromised, contact AUSCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 4477
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
	AUSCERT personnel answer during Queensland business hours
	which are GMT+10:00 (AEST).
	On call after hours for emergencies.


- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CERT* Vendor-Initiated Bulletin VB-97.08
September 25, 1997

Topic:  Solaris DCE Integrated login bug if AFS klog not installed
Source: Transarc Corp.

To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from Transarc
Corporation. Transarc urges you to act on this information as soon as
possible. Transarc contact information is included in the forwarded text
below; please contact them if you have any questions or need further
information.


=======================FORWARDED TEXT STARTS HERE============================

Problem: Vulnerability in Transarc DCE Integrated login for sites running
         both AFS and DCE.

I. Description

On systems running Transarc's Solaris DCE integrated login program
(login.dce in place of /bin/login) which have AFS installed but no
AFS klog binary in any of the standard locations, unauthorized users
may gain access to local system resources as any valid user by supplying
a valid username for login, with any arbitrary string as a password.

The vulnerability stems from an incorrect interpretation of the
situation which occurs when an AFS klog binary is not found by
login.dce.

If there is a klog binary in ANY of the following standard locations,
the vulnerability will NOT occur:

        /opt/dcelocal/bin/klog
        /usr/afsws/bin/klog
        /usr/vice/etc/klog

Vulnerable products include Transarc DCE 1.1 for Solaris 2.4 and
Solaris 2.5 in conjunction with any version of AFS.  Systems not
running AFS are not vulnerable to this issue.


II. Impact

Users without accounts on the system may gain unauthorized access to
local resources.  Access to resources controlled by AFS/DCE/DFS is
unaffected, as no network credentials are granted unless a valid
password is supplied.


III. Solution

The following patches are available from Transarc:
        DCE 1.1 for Solaris 2.4:        patch 40 and higher
        DCE 1.1 for Solaris 2.5:        patch 25 and higher

A workaround is possible as well: simply install any program which
produces output on stdout in one of the standard klog locations.
(A "hello, world" program or shell script is sufficient; as long as
it puts something on stdout, it's good enough.  Optimally, install
the actual AFS klog program in one of the above locations.)

Contact Transarc customer support by telephone at 412-281-5852 or
via email (dce-help@transarc.com) for additional information or
questions.


IV.  Other Platform Impact

This vulnerability affects only Transarc products on the Solaris platform.


========================FORWARDED TEXT ENDS HERE=============================

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST). See http://www.first.org/team-info/.

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key
         ftp://ftp.cert.org/pub/CERT_PGP.key


CERT Contact Information
- - ------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other
security-related information are available from
        http://www.cert.org/
        ftp://ftp.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org
In the subject line, type
        SUBSCRIBE  your-email-address



* Registered U.S. Patent and Trademark Office.

The CERT Coordination Center is part of the Software Engineering
Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.


This file: ftp://ftp.cert.org/pub/cert_bulletins/VB-97.08.transarc



- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNCpw3HVP+x0t4w7BAQENwwP9EII44mpiLT/HZ3M65KUCIQ5RtxEQK3t3
0a4N6+vc1ohn+YPO0NjJ9ej0wf8kbA22WmOlP6nRaVIRN0CZXjvD8LK6lnz1EiwX
W0L9sy9q3H6XSxTVpUiHjLQ3k9asqRoCgb2NEsy47W3Zrcg9GP1hPPlWcv9dROcP
v78oHeCO6kg=
=jwA3
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBNCuN7ih9+71yA2DNAQEjLAP/SZZ75Wwmie+Pyygbgs8VFZ1THErwnRlS
e36I7basL+iT8Pm2ELhrGLzu2YpHLtdOLjWL7Y7xCfCucWMEImKl+h4sRI3mNy6O
2s7Df8ZpT5NwjucxeKQ8Lb5tGBxFjRDZIjTRVLtfWUtWc6CgUbvwYkaL9b7Sr33Y
JBlOWw7tp8s=
=uGq7
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1&it=260