=============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : CERT-NL (Erik-Jan Bos) Index : S-93-08 Distribution : SURFnet Constituency Page : 1 Classification: External Version: Final Subject : Commodore Amiga UNIX finger Vulnerability Date : 19-Feb-93 =============================================================================== CERT-NL has received information concerning a vulnerability in the "finger" program of Commodore Business Machine's Amiga UNIX product. The vulnerability affects Commodore Amiga UNIX versions 1.1, 2.03, 2.1, 2.1p1, 2.1p2, and 2.1p2a. Commodore is aware of the vulnerability, and both a workaround and a patch are available. Affected sites should apply either the workaround or the patch, and directions are provided below. If you have any further questions, contact Commodore's David Miller via e-mail. David's e-mail address is davidm@commodore.com. --------------------------------------------------------------------------- I. Description The "finger" command in Amiga UNIX contains a security vulnerability. II. Impact Non-privileged users can gain unauthorized access to files. III. Solution Commodore has suggested a workaround and a patch, as follows: A. Workaround As root, modify the permission of the existing /usr/bin/finger to prevent misuse. # /bin/chmod 0755 /usr/bin/finger B. Patch As root, install the "pubsrc" package from the distribution tape. In the file, "/usr/src/pub/cmd/finger/src/finger.c", add the line: setuid(getuid()); immediately before the line reading: display_finger(finger_list); (Optionally) save a copy of the existing /usr/bin/finger and modify its permission to prevent misuse. # /bin/mv /usr/bin/finger /usr/bin/finger.orig # /bin/chmod 0755 /usr/bin/finger.orig In the directory, "/usr/src/pub/cmd/finger", issue the command: # cd /usr/src/pub/cmd/finger # make install NOTE: Although the file mode "755" ensures that the vulnerability can not be exploited, CERT-NL advises to use "700" instead, in order to make the "vulnerable" file unreadable for further use. ------------------------------------------------------------------------------ CERT-NL wishes to thank CERT Coordination Center for bringing this information to our attention. CERT-NL also wishes to thank Commodore Business Machines for their response to this case. ============================================================================== CERT-NL is the Computer Emergency Response Team, located in The Netherlands. CERT-NL is a Full Member of the Forum of Incident Response and Security Teams (FIRST). The constituency of CERT-NL are the SURFnet connected institutions. Past CERT-NL Security Bulletins and other CERT-NL related material can be found on the anonymous FTP server of SURFnet bv: "ftp.nic.surfnet.nl" [192.87.46.3], in the directory "netman/cert-nl". This information is also available using email. Send an email saying "help" to "mailserv@nic.surfnet.nl". In case of computer or network security problems please contact CERT-NL or the CERT of your own constituency. Please be aware of the fact that we are are one hour ahead of Universal Time Coordinated (i.e. UTC+0100). Email: cert-nl@surfnet.nl Phone: +31 30 310290 Fax: +31 30 340903 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7*24h phonenumber is available to SURFnet SSC's and FIRST members on request ==============================================================================