=============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : CERT-NL (Erik-Jan Bos) Index : S-94-20 Distribution : World Page : 1 Classification: External Version: Final Subject : SGI IRIX V4 serial_ports vulnerability Date : 04-Oct-94 =============================================================================== CERT-NL has received information that Version 4 of Silicon Graphics IRIX operating system contains a vulnerability. This vulnerability allows a user on your system to elevate their privilege level to root status. 1. Description The /usr/lib/vadmin/serial_ports program contains a vulnerability that allows a non-privileged user to gain root privileges. The program is used to set up the serial ports on your SGI IRIX system. The vulnerability only exists under Version 4 of IRIX. It was tested and verified under V4.0.5a. The program serial_ports does not exist under Version 5 of IRIX. The equivalent program /usr/Cadmin/bin/cports on Version 5 of IRIX does not exhibit the vulnerability. The information on how to exploit this vulnerability has been widely published. It is recommended that the action in Section 3 be applied immediately. 2. Impact Any non-privileged user logged in on your system may gain root privileges. 3. Proposed Solutions This solution need only be applied to IRIX Version 4 systems. The /usr/lib/vadmin/serial_ports program is used to initialise the data files for the serial ports on your system. It can be disabled by typing the following command as root: # /bin/chmod 700 /usr/lib/vadmin/serial_ports If you are not using the serial ports on your IRIX Version 4 system, then you can safely disable this program. If you are using serial ports and do not wish to change the configuration of those ports, then you can disable this program. If you intend changing the serial port configuration, you can still disable the serial_ports program. The change the serial port configuration, you can run the serial_ports program as root. ---------------------------------------------------------------------------- CERT-NL received the information on this vulnerability from AUSCERT, the Australian Computer Emergency Response Team. CERT-NL therefore wishes to thank the colleagues from AUSCERT for bringing this information to the attention of CERT-NL. The AUSCERT team wishes to thank Jeffrey Olds of Silicon Graphics for his advice and cooperation in this matter. ---------------------------------------------------------------------------- ============================================================================== CERT-NL is the Computer Emergency Response Team, located in The Netherlands. CERT-NL is a Full Member of the Forum of Incident Response and Security Teams (FIRST). The constituency of CERT-NL are the SURFnet connected institutions. Past CERT-NL Security Bulletins and other CERT-NL related material can be found on the anonymous FTP server of SURFnet bv: "ftp.nic.surfnet.nl" [192.87.46.3], in the directory "surfnet/net-security/cert-nl/docs/bulletin". This information is also available using email. Send an email saying "help" to "mailserv@nic.surfnet.nl". In case of computer or network security problems please contact CERT-NL or the CERT of your own constituency. Please be aware of the fact that we are one (when DST is in effect two) hour(s) ahead of Universal Time Coordinated (i.e. UTC+0100 (UTC+0200)). Email: cert-nl@surfnet.nl Phone: +31 30 310290 Fax: +31 30 340903 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members on request. ============================================================================== --- End of Security Advisory