1

Click here to load reader

IRIX desktop tool vulnerability

  • View
    220

  • Download
    4

Embed Size (px)

Citation preview

Page 1: IRIX desktop tool vulnerability

Network Security June 7996

Interpreters in CGI bin directories

According to CERT, many sites that maintain a Web server support CGI programs. These are often scripts that are run by general-purpose interpreters, such as /bin/sh or PERL. If the interpreters are located in the CGI bin directory along with the associated scripts, intruders can access the interpreters directly and arrange to execute arbitrary commands on the Web server system (Advisory CA-96.1 1). CERT advises that interpreters should never be put in a Web server’s CGI bin directory. Examples of these include PERL, Tel and Unix shells (sh, csh, ksh etc.).

NIS+ password tables left insecure

AUSCERT has received information (AA-96.02a) relating to a potential vulnerability under some configurations of NIS+. In vulnerable installations of NIS+, the access rights on the NIS+ password table are left in an insecure state. This vulerability is known to exist in NIS+ installations initially created on Solaris 2.5 servers. Similar vulnerabilities in NlS+ configurations may also exist in previous versions of Solaris 2. This problem may allow any user with valid NIS+ credentials to gain root privileges I

NIS+ provides distributed network access to information sources such as password, group and host information. It maintains this

information in the form of NIS+ tables.NIS+ tables contain the administrative information normally supplied by local files (such as /etc/passwd).Setting secure permissions on the NIS+ tables is of utmost importance in maintaining system security. Any user with login access to a client or server that uses NIS+ for authentication may gain root privileges.

To check the permissions on the NIS+ password table, sites can use:

# niscat -0 passwd.org_dir

The output this produces should show two types of access rights with the NIS+ password table. Sites should check the access rights on the columns of the NIS+ password table. It should be noted that it may appear that individual entries of the password table are owned by individual users. The access rights do not allow a user to modify any part of their password table entry besides their own password field. For many environments this is acceptable, However, depending on the local site cofiguration and requirements, additional access rights may also be needed.

IRIX Desktop tool vulnerability

A vulnerability has been discovered in the IRIX 5.3, 6.1 and 6.2 operating systems. A CIAC advisory (G-26) reveals that the vulnerability concerns the permissions tool under the IRIX desktop environment. Normally, this tool is used to modify the permissions of users files and file privileges. Under certain

conditions, a user may be able to modify the permissions for restricted files. This is SGI Bug #375613. In order to exploit this vulnerability it is necessary to have access to a local account that can start thegraphicalpermissionstool. SGI Engineering has investigated this issue and recommends that the foltowing steps be taken to remove the problem. It is strongly recommended that these measures be carried out on all SGI systems running IRIX 5.3,6.1 and 6.2.

For the IRIX operating system version 5.3 an inst-able patch has been generated and made available via anonymous ftp and the service provider. The patch is number 1324 and it will only install on IRIX 5.3. The anonymous ftp site is sgigate.sgi.com or its mirror ftp.sgi.com.The patch can be found in the following directories on the ftp server:

-ftp/Security

-ftp/Patches/5,3

The same information and patches are available for versions 6.1 and 6.2 at the same site and in the directories -ftp/Security and -ftp/Patches/6.1 and -ftp/Security and -ftp/Patches/6.2 respectively.

Security hole in IIS software

Microsoft has issued a fix for a security flaw in its Internet Information Server for Windows NT 3.51 which could allow unauthorized access to files such as win.ini, reveals PC Week. Outsiders can access the system through a hole created by the bug.This could

01996 Elsevier Science Ltd