-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Nico de Koo                                 Index  :    S-97-60
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : SUN: Vulnerability in NIS+                  Date   :  07-Aug-97
===============================================================================

By courtesy of Sun Microsystems and CIAC we received
information on a vulnerability in Sun's NIS+

CERT-NL recommends application of the patches listed in section 4.
______________________________________________________________________________
                   Sun Microsystems, Inc. Security Bulletin

Bulletin Number:                #00148
Date:                   July 30
Title:                  Vulnerability in NIS+

______________________________________________________________________________
Permission is granted for the redistribution of this Bulletin, so long as
the Bulletin is not edited and is attributed to Sun Microsystems. Portions
may also be excerpted for re-use in other security advisories so long as
proper attribution is included.

Any other use of this information without the express written consent of
Sun Microsystems is prohibited. Sun Microsystems expressly disclaims all
liability for any misuse of this information by any third party.
______________________________________________________________________________

1.  Bulletins Topics

    Sun announces the release of patches for Solaris 2.4 and 2.3 (SunOS 5.4
    and 5.3) which relate to a vulnerability in NIS+.

    Sun strongly recommends that you install the patches listed in section 4
    immediately on systems running SunOS 5.4 and 5.3 which use NIS+.

2.  Who is Affected

    Vulnerable:  SunOS versions 5.4, 5.4_x86, and 5.3 which use NIS+.

    Not Vulnerable: SunOS 4.1.3_U1, 4.1.4, 5.5, 5.5_x86, 5.5.1, 5.5.1_x86,
                    and the upcoming version of Solaris.

3.  Understanding the Vulnerability

    NIS+ is a network-wide name service that runs under Solaris. It can be
    selected as the name service in /etc/nsswitch.conf. If NIS+ is selected,
    programs with setuid root permissions will link nss_nisplus.so.1 which
    is susceptible to a buffer overflow vulnerability. This vulnerability may
    allow non-privileged users to gain root privileges.

4.  List of Patches

    The vulnerability in NIS+ is fixed by the following patches:

    OS version          Patch ID
    __________          ________
    SunOS 5.4           102277-03
    SunOS 5.4_x86       102278-03
    SunOS 5.3           101736-04

5.  Checksum Table

    The checksum table below shows the BSD checksums (SunOS 5.x:
/usr/ucb/sum),
    SVR4 checksums (SunOS 5.x: /usr/bin/sum), and the MD5 digital signatures
    for the above-mentioned patches that are available from:

        <URL:ftp://sunsolve1.sun.com/pub/patches/patches.html>

    These checksums may not apply if you obtain patches from your answer
    centers.

File Name         BSD        SVR4         MD5
_______________   ________   _________    ________________________________
102277-03.tar.Z   10681 76   2019 152     4585727103680C70301D2F7679C9EA6D
102278-03.tar.Z   52108 76   53872 151    5040EB6980280C729051927BFB5C8130
101736-04.tar.Z   27381 77   18741 153    0AC81583908220A4D92CF5C091D6212C

______________________________________________________________________________

CERT-NL wishes to acknowledge the contributions of Sun Microsystems, Inc. for the
information contained in this bulletin.
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers.
SURFnet is the Dutch network for educational, research and related institutes.
CERT-NL is a member of the Forum of Incident Response and Security Teams
(FIRST).

All CERT-NL material is available under:
  http://www.surfnet.nl/surfnet/security/cert-nl.html
  ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your
local CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet
customer please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 52 87 92 82      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 52 87 92 82      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER	IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.

==============================================================================


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBM+m9G0U5nQkWIq1FAQEaCgQAr8nT39gRnMGATAE7EGpOz3xO0YkqT1tZ
9wmSBXirTRc1rIZy3irfjmL9Cw4sxyxOLwbOuRPjbY+8bxH7ucQvTgSVSblx4Doy
2QKWf3V1w28GhCBhUr58ThfeFJq4ze6yO8Qp5dSyH28QEnqFT8accq6Uo80hiH0w
AM0WA28LdIE=
=wS44
-----END PGP SIGNATURE-----