-----BEGIN PGP SIGNED MESSAGE----- =============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Gert Meijerink Index : S-95-18 Distribution : World Page : 1 Classification: External Version: 1 Subject : SGI Softwindows 1.25 vulnerability Date : 4-oct-95 =============================================================================== By courtesy of Silcon Graphics we received the following information about a SGI SoftWindows 1.25 vulnerability. =============================================================================== SUBJECT: SGI SoftWindows 1.25 allows access to privileged files. SUMMARY: The information on this problem was issued by Silicon Graphics Inc. with the following waiver: Silicon Graphics provides this information freely to the SGI community for its consideration, interpretation and implementation. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics will not be liable for any consequential damages arising from the use of, or failure to use or use properly, any of the instructions or information in this Security Advisory. BACKGROUND: SGI has discovered an inappropriate use of root privilege in the SoftWindows 1.25 product which is distributed on the Desktop Special Edition 1.0 and HotMix 11 CD-ROMs. SoftWindows invokes Netscape as the root user as part of the installation script, per_user.sh. This privileged invocation of Netscape can access protected files on the system, and potentially lead to system software damage. IMPACT: Local users can gain unauthorized root access to system resources. RECOMMENDED SOLUTIONS: A fix for this problem is being developed and tested by SGI. Until that is available, SGI recommends that the following change be made to the system (as root) after SoftWindows is installed: # cd /usr/lib/SoftWindows # mv swin_hints.html swin125_hints.html SGI systems should also be checked to see whether there are any processes executing Netscape as root, and terminate them immediately if they were not started by a system administrator. To obtain SGI security information, patches or assistance, please contact your SGI support provider. If there are questions about this document, email can be sent to cse-security-alert@csd.sgi.com. For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> CERT-NL would like to thank Silcon Graphics for information contained in this bulletin. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ============================================================================== CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST). All CERT-NL material is available under: http://www.surfnet.nl/surfnet/security/cert-nl.html ftp://ftp.surfnet.nl/surfnet/net-security In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team). CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100 in winter and UTC+0200 in summer (DST). Email: cert-nl@surfnet.nl Phone: +31 302 305 305 Fax: +31 302 305 329 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members on request. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMML+XR68tkuRYDgtAQGLWAQAvP6AC+CbR4+fAepeWwVJVApnenyP13Vb sd3nw5+7SjEIGHm6Bo5JDnmKtRz9nIbNVvaKBkZ0C6LODs1sTUYm0/4hHmGxl7fT YWGe8iKKof0/oyj38UNZQPSQbR3qTZyM9diA9cTzp+fs7VAyZ72Yb4pr5vg0wxce ZafvQhfm48c= =HOFn -----END PGP SIGNATURE-----