============================================================================= AA-94.05a AUSCERT Advisory 5-Oct-1994 SGI IRIX V4 and V5 serial_ports vulnerability ----------------------------------------------------------------------------- *** This Advisory contains updated information *** The Australian Computer Emergency Response Team has received information that Version 4 of Silicon Graphics IRIX operating system contains a vulnerability. This vulnerability may also exist on Version 5 systems. This vulnerability allows a user on your system to elevate their privilege level to root status. 1. Description The /usr/lib/vadmin/serial_ports program contains a vulnerability that allows a non-privileged user to gain root privileges. The program is used to set up the serial ports on your SGI IRIX system. The vulnerability only exists under Version 4 of IRIX. It was tested and verified under V4.0.5a. The program serial_ports normally does not exist under Version 5 of IRIX. The equivalent program /usr/Cadmin/bin/cports on Version 5 of IRIX does not exhibit the vulnerability. However, some upgrade paths from Version 4 to Versio 5 may inadvertantly leave the serial_ports program on the system, and in a vulnerable state. The information on how to exploit this vulnerability has been widely published. It is recommended that the action in Section 3 be applied immediately. Silicon Graphics have requested that their internal advisory number be included in any correspondance that sites may have when requesting assistance from SGI. This number is 19941001-01-P. 2. Impact Any non-privileged user logged in on your system may gain root privileges. 3. Proposed Solutions This solution need only be applied to IRIX Version 4 systems, or Version 5 systems that still contain the serial_ports program. The /usr/lib/vadmin/serial_ports program is used to initialise the data files for the serial ports on your system. It can be disabled by typing the following command as root: # /bin/chmod 700 /usr/lib/vadmin/serial_ports If you are not using the serial ports on your IRIX Version 4 system, then you can safely disable this program. This program has been superseded by /usr/Cadmin/bin/cports on Version 5 and therefore, is no longer required. If you are using serial ports and do not wish to change the configuration of those ports, then you can disable this program. If you intend changing the serial port configuration, you can still disable the serial_ports program. The change the serial port configuration, you can run the serial_ports program as root. ---------------------------------------------------------------------------- The AUSCERT team wishes to thank Jeffrey Olds of Silicon Graphics for his advice and cooperation in this matter. ---------------------------------------------------------------------------- If you believe that your system has been compromised, contact AUSCERT or your representative in FIRST (Forum of Incident Response and Security Teams). AUSCERT is the Australian Computer Emergency Response Team, funded by the Australian Academic Research Network (AARNet) for its members. It is located at The University of Queensland within the Prentice Centre. AUSCERT is a full member of the Forum of Incident Response and Security Teams (FIRST). AUSCERT maintains an anonymous FTP service which is currently based at ftp.sert.edu.au:/security. This archive contains past SERT and AUSCERT Advisories, and other computer security information. Internet Email: auscert@auscert.org.au Facsimile: (07) 365 4477 Telephone: (07) 365 4417 (International: +61 7 365 4417) AUSCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. Postal: Australian Computer Emergency Response Team c/- Prentice Centre The University of Queensland Brisbane Qld. 4072. AUSTRALIA