PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT:  SUNOS /USR/LIB/EXPRESERVE VULNERABILITY (AUTOMATED SYSTEM
SECURITY INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-18).
1.  ASSIST HAS RECEIVED INFORMATION THAT COULD ALLOW AN EXISTING USER
TO OBTAIN ROOT ACCESS ON A SUN.  THIS VULNERABILITY DOES NOT ALLOW
UNAUTHORIZED ENTRY TO A SYSTEM FROM A REMOTE SYSTEM.  THIS
VULNERABILITY EXISTS IN SUNOS VERSIONS 4.1, 4.1.1, 4.1.2, 4.1.3, 5.0,
5.1, AND 5.2.  A PATCH TO CORRECT THIS VULNERABILITY IS AVAILABLE
FROM SUN AS DESCRIBED BELOW.  DETAILED INFORMATION REGARDING THIS
VULNERABILITY WAS RECENTLY DISCUSSED IN AN INTERNET MAILING LIST.
2.  AS AN IMMEDIATE STEP, ASSIST RECOMMENDS DISABLING THE EXPRESERVE
UTILITY, AND THEN INSTALLING THE CURRENT SECURITY PATCH FOR THIS
VULNERABILITY.  TO DISABLE THE EXPRESERVE UTILITY, EXECUTE THE
FOLLOWING COMMAND AS ROOT:
     /BIN/CHMOD A-X /USR/LIB/EXPRESERVE
THE EXPRESERVE COMMAND IS NORMALLY USED TO RECOVER VI EDITOR FILES
WHEN VI TERMINATES UNEXPECTEDLY.  DISABLING EXPRESERVE WILL DISABLE
THIS RECOVERY FEATURE.  USERS OF VI SHOULD BE ADVISED OF THIS
TEMPORARY CHANGE AND ENCOURAGED TO SAVE THEIR WORK FREQUENTLY.
3.  SUN HAS PROVIDED A SECURITY PATCH FOR SUNOS 4.1, 4.1.1, 4.1.2,
AND 4.1.3 THAT WILL CORRECT THE VULNERABILITY.  THE PATCH IS
AVAILABLE BOTH THROUGH YOUR LOCAL SUN ANSWER CENTER AND ANONYMOUS
FTP.  IN THE U.S., FTP TO FTP.UU.NET (137.39.1.9) AND RETRIEVE THE
PATCH FROM THE /SYSTEMS/SUN/SUN-DIST DIRECTORY.  IN EUROPE, FTP TO
MCSUN.EU.NET AND RETRIEVE THE PATCH FROM THE /SUN/FIXES DIRECTORY.
     PATCH ID     FILENAME             CHECKSUM
     101080-01    101080-01.TAR.Z      45221   13
THE PATCH HAS BEEN CHECKSUMMED USING THE SUNOS "SUM" COMMAND SO ITS
VALIDITY CAN BE VERIFIED BY THE END USER.  THE PATCH MAY BE UPDATED
AFTER THIS BULLETIN IS RELEASED AND THE CHECKSUM OF THE PATCH YOU
RECEIVE MAY NOT MATCH THE CORRESPONDING CHECKSUM LISTED IN THIS
MESSAGE.  CHECK THE README FILE INCLUDED WITH THE PATCH FOR THE
CURRENT CHECKSUM OR CALL SUN MICROSYSTEMS IF THERE IS A DISCREPANCY. 
TO INSTALL THE PATCHES ON YOUR SYSTEM, FOLLOW THE INSTRUCTIONS
CONTAINED IN THE README FILES WHICH ACCOMPANY EACH PATCH.
4.  A PATCH FOR ALL 5.X SUNOS VERSIONS (SOLARIS 2.X) IS UNDER
DEVELOPMENT AND WILL BE RELEASED AS SOON AS TESTING IS COMPLETE. 
ASSIST WILL ISSUE A FOLLOW-UP MESSAGE AT THAT TIME.
5.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
ROBERT MCNEAL, (VOICE MAIL) COMM (703) 696-1904 DSN 226, OR COMM
(703) 696-1924/5/6 DSN 226.  ASSIST CAN BE REACHED 24 HOURS PER DAY,
COMMERCIAL PAGER (800) SKY-PAGE (800-759-7243), PIN NUMBER 2133937. 
WHEN CALLING THE PAGER SERVICE, FOLLOW THE AUTOMATED VOICE
INSTRUCTIONS AND ENTER THE CALL BACK NUMBER AFTER THE PROMPT.  THE
ASSIST DUTY OFFICER WILL CALL YOU BACK WITHIN 30 MINUTES.  IF FASTER
SERVICE IS REQUIRED, PREFIX YOUR TELEPHONE NUMBER WITH "999", AND THE
ASSIST DUTY OFFICER WILL CALL BACK WITHIN 5 MINUTES.  ASSIST CAN ALSO
BE REACHED VIA E-MAIL AT "DOD-CERT(AT-SIGN)DDN-CONUS.DDN.MIL", BY
DIALING INTO THE ASSIST ELECTRONIC BULLETIN BOARD AT (703) 696-8726,
DSN 226, AND LEAVING A MESSAGE FOR THE SYSOP, OR BY LEAVING A VOICE
MAIL MESSAGE FOR THE ASSIST TEAM AT (703) 696-1904 (SELECT '9').
BT