PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER {ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS

U-1,235/DS-SIM {DCPO}

SUBJ: VULNERABILITY IN AT&T /USR/ETC/REXECD {AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-42}

1. DISCUSSION: ASSIST HAS LEARNED OF A NEW VULNERABILITY IN AT&T TCP/IP RELEASE 4.0 RUNNING ON SVR4 SYSTEMS FOR BOTH THE 386/486 AND 3B2 RISC PLATFORMS. MISUSE OF /USR/ETC/REXECD MAY ALLOW A USER ON A REMOTE MACHINE TO RUN COMMANDS AS ROOT ON THE TARGET HOST {THE HOST RUNNING THE AFFECTED /USR/ETC/REXECD}. THE EXISTING ERROR, IN THE REMOTE EXECUTION SERVER /USR/ETC/REXECD, HAS BEEN CORRECTED, AND A NEW EXECUTABLE FOR REXECD IS AVAILABLE FROM AT&T BY CALLING 800-543-9935. PATCHES MAY BE OBTAINED OUTSIDE THE U.S. BY CALLING YOUR LOCAL TECHNICAL SUPPORT. THE NUMBERS ASSOCIATED WITH THE FIX ARE 5127 {3.5" MEDIA} AND 5128 {5.25" MEDIA}.

2. RECOMMENDATION: ADMINISTRATORS OF AFFECTED SYSTEMS SHOULD EXECUTE, AS ROOT, THE COMMAND "{POUND-SIGN} CHMOD 400 /USR/ETC/REXECD" TO IMMEDIATELY TURN OFF ACCESS TO REXECD UNTIL THE NEW BINARY CAN BE OBTAINED. YOU MAY THEN OBTAIN AND INSTALL THE NEW PATCH. THE FIX WILL BE SUPPLIED AS ONE DISKETTE, AND IT COMES WITH ONE PAGE OF INSTRUCTIONS DOCUMENTING THE PROCEDURE FOR REPLACING THE EXISTING /USR/ETC/REXECD BINARY.

3. THE PROBLEM DOES NOT EXIST IN TCP/IP RELEASE 3.2 FOR SVR3, OR ANY EARLIER VERSIONS OF THE TCP/IP PRODUCT RUNNING ON EITHER THE 3B2 OR 386 PLATFORMS. IN ADDITION, THE VERSION OF TCP/IP DISTRIBUTED WITH SVR4 BY UNIX{R} SYSTEM LABORATORIES, INC. {A SUBSIDIARY OF AT&T} DOES NOT CONTAIN THIS VULNERABILITY.

4. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE, PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED. ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT{AT-SIGN}DDN-CONUS.DDN.MIL."
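
An added example, not part of the original ASSIST message: a POSIX shell check that the interim `chmod 400` mitigation from paragraph 2 is in effect on a host. The inetd-style configuration file, its default path `/etc/inetd.conf` and the status words are assumptions made for this example; the advisory itself names only `/usr/etc/rexecd`.

```shell
#!/bin/sh
# Added example: audit the interim "chmod 400 /usr/etc/rexecd" mitigation.
# Mode bits are inspected directly because "test -x" run as root reports
# only whether some execute bit exists, not which one.

# Succeeds if any execute bit (owner, group or other) is set on $1.
has_exec_bits() {
    [ -n "$(find "$1" -prune \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -print 2>/dev/null)" ]
}

# Succeeds if an uncommented line of config file $2 names binary $1.
# Assumption: the daemon is launched from an inetd-style config file.
inetd_references() {
    [ -r "$2" ] && grep -v '^[[:space:]]*#' "$2" | grep -F -q -- "$1"
}

# Prints one status word for binary $1 and config file $2:
#   MISSING          binary not present
#   EXPOSED          an execute bit is set, mitigation not applied
#   DISABLED-LISTED  no execute bits, but the config still lists the binary,
#                    so the service resumes once an executable is installed
#   DISABLED         no execute bits and no active config entry
rexecd_status() {
    bin=$1
    conf=$2
    if [ ! -e "$bin" ]; then
        echo MISSING
    elif has_exec_bits "$bin"; then
        echo EXPOSED
    elif inetd_references "$bin" "$conf"; then
        echo DISABLED-LISTED
    else
        echo DISABLED
    fi
}

# Usage: sh thisfile --check [binary] [inetd-config]
# The default config path is an assumption, not taken from the advisory.
if [ "${1:-}" = "--check" ]; then
    rexecd_status "${2:-/usr/etc/rexecd}" "${3:-/etc/inetd.conf}"
fi
```

A result of `EXPOSED` on an affected release means the command in paragraph 2 still needs to be run; `DISABLED-LISTED` is the expected state between applying the workaround and installing the replacement binary.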