Date: 03 August 2000
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
A U S C E R T A L E R T
AL-2000.04 -- AUSCERT ALERT
Buffer overrun in lp/lpset/lpstat on Solaris
04 May 2000
Last Revised: 3 August 2000 - Updated patch details
===========================================================================
PROBLEM:
AusCERT has received recent reports of root compromises within
Australia using a new vulnerability against Solaris systems.
There exists a buffer overrun vulnerability in the lp/lpset/lpstat
commands on affected Solaris systems which may be exploited by
local users to gain root privileges.
PLATFORM:
Sun Solaris 7
Sun Solaris 2.6
Sun Solaris 8 is not known to be affected by this vulnerability.
IMPACT:
Affected systems may be root compromised by local users or by
a remote intruder with access to a local account.
RECOMMENDATIONS:
Solaris System Administrators are urged to check their systems
for this vulnerability. Affected sites are encouraged to
evaluate the risk of their systems being exploited by this
vulnerability and take appropriate action.
AusCERT recommends that affected sites either disable user access
to the vulnerable programs or install the official patch from
Sun Microsystems.
Sun Support Customers should contact Sun directly, through their
usual channels, to request the following patches for their
systems:
106235-06 - Solaris 2.6
106236-06 - Solaris 2.6_x86
107115-05 - Solaris 7
107116-05 - Solaris 7_x86
If you suspect that your site may have been compromised, we
recommend you read:
http://www.cert.org/tech_tips/intruder_detection_checklist.html
If your site has been compromised, we recommend you read:
http://www.cert.org/tech_tips/root_compromise.html
AusCERT is currently monitoring this problem, if you detect your
systems have been compromised please contact AusCERT. We are
currently tracking this incident as AUSCERT#76660. We would
appreciate you using this tracking code in the subject of any
email you send regarding this incident.
- ---------------------------------------------------------------------------
[AusCERT issues an alert when the risk posed by a vulnerability that may
not have been thoroughly investigated and for which a work-around or fix
may not yet have been developed requires notification.]
The AusCERT team has made every effort to ensure that the information
contained in this document is accurate at the time of publication. However,
the decision to use the information described is the responsibility of
each user or organisation. The appropriateness of this document for an
organisation or individual system should be considered before application
in conjunction with local policies and procedures. AusCERT takes no
responsibility for the consequences of applying the contents of this
document.
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
AusCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au/pub/. This archive contains past SERT
and AusCERT Advisories, and other computer security information.
AusCERT maintains a World Wide Web service which is found on:
http://www.auscert.org.au/.
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call
after hours for emergencies.
Postal:
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
AUSTRALIA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History
3 August 2000 - Updated patch details
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOYl6Bih9+71yA2DNAQG1fQQAjTe/4PgMaS47WuRDyYIIr9GiVJeVAm/0
ID709bl73hNrAPfULLY2fRD+cljkso/RSEWk7R+ADlVnN/rs8LEQ3u8bp5uesDje
nH8sTo2rnwblKCFeFJhYgTWNpDT0AZP27VvsSFcivNByU+tyel5Nq2bJuXTt33N9
xobxCk9A74I=
=vANv
-----END PGP SIGNATURE-----
|