             _____________________________________________________
                    The Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     / \   /
                          \___  __|__  /___\  \___
             _____________________________________________________

                             Information Bulletin

June 3, 1991, 1100 PST                                         Number B-30

                              SunOS lpd Problem
_________________________________________________________________________

PROBLEM:    The SunOS 4.1 and 4.1.1 line printer spooler daemon (lpd) has
            a flaw that allows unauthorized deletion of files.
PLATFORM:   Sun3, sun3x, sun4, sun4c architectures running SunOS 4.1 and
            4.1.1
DAMAGE:     Unauthorized file deletions can occur
SOLUTIONS:  Apply patch-ID# 100305-01
_________________________________________________________________________

                     Critical Facts About lpd Problem

Sun Microsystems has recently released a security bulletin (#00108)
concerning a problem with the line printer spooler daemon (lpd).  This
problem can allow an unauthorized person to use the SunOS 4.1 and 4.1.1
lpd to delete files.

Sun Microsystems has provided corrected lpd files for the various
architectures and versions of SunOS affected.  These files are in the
compressed tarfile 100305-01.tar.Z.  This file can be obtained from Sun by
specifying "Patch-ID# 100305-01".  Alternatively, the file can be obtained
via anonymous FTP from ftp.uu.net as "sun-dist/100305-01.tar.Z".  The
checksum (sum(1V)) of the file 100305-01.tar.Z is "31440 239".

Instructions for obtaining this patch from ftp.uu.net are:

(Login as root)
# ftp ftp.uu.net
...
Name (ftp.uu.net:root): anonymous
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> cd sun-dist
ftp> binary
ftp> get 100305-01.tar.Z
...
ftp> quit
#

Instructions for applying this patch are:

(Login as root)
(cd to directory containing the compressed tar patch file)
(Verify the integrity of the compressed tar patch file.
# sum 100305-01.tar.Z
31440 239
(If the numbers you get are not these, DO NOT proceed!  You have a bad
( patch file.  Delete the patch file and try to obtain a proper copy.
# uncompress 100305-01.tar.Z
# mkdir sunpatch
# cd sunpatch
# tar xvf ../100305-01.tar
(Kill the running lpd:
# ps -ax | grep lpd
(You should see something like:
(  134 ?  IW   0:00 /usr/lib/lpd
(26753 p5 S    0:00 grep lpd
( Insert the "pid" (the first number on the line) of /usr/lib/lpd into
( the next command, i.e. in this case, one would substitute 134.
( If you have more than one copy of lpd running, repeat the "kill -9"
( command for each "pid" found.
# kill -9 {pid of /usr/lib/lpd}
(Save old lpd
# mv /usr/lib/lpd /usr/lib/lpd.FCS
# chmod 100 /usr/lib/lpd.FCS
(Copy the upgraded lpd file to /usr/lib
( Substitute as appropriate for your architecture and SunOS version:
# cp sun{3,3x,4,4c}/{4.1,4.1.1}/lpd /usr/lib/lpd
# chmod 6755 /usr/lib/lpd
# chown root /usr/lib/lpd
# chgrp daemon /usr/lib/lpd
(Verify your work:
# ls -lg /usr/lib/lpd
-rwsr-sr-x  1 root     daemon   ????? ??? ?? ??:?? /usr/lib/lpd
( The mode must show both "s" bits.  Some chown(2) implementations clear
( the set-user-ID and set-group-ID bits when the owner changes; if the
( listing shows -rwxr-xr-x instead, repeat the "chmod 6755" and verify
( again before restarting.
(Restart the lpd daemon:
# rm -f /dev/printer /var/spool/lpd.lock
# /usr/lib/lpd
(Verify that the lpd daemon restarted:
# ps -ax | grep lpd
(Cleanup:
# cd ..
# rm -r sunpatch
# rm 100305-01.tar

For additional information or assistance, please contact CIAC:

Hal Brand
(415) 422-6312 or (FTS) 532-6312
brand@addvax.llnl.gov

Call CIAC at (415) 422-8193 or (FTS) 532-8193 or send e-mail to
ciac@cheetah.llnl.gov.  Send FAX messages to: (415) 423-0913 or
(FTS) 543-0913.

Sun Microsystems provided some of the information used in this bulletin.

This document was prepared as an account of work sponsored by an agency of
the United States Government.  Neither the United States Government nor the
University of California nor any of their employees makes any warranty,
express or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, apparatus,
product, or process disclosed, or represents that its use would not
infringe privately owned rights.  Reference herein to any specific
commercial products, process, or service by trade name, trademark,
manufacturer, or otherwise, does not necessarily constitute or imply its
endorsement, recommendation or favoring by the United States Government or
the University of California.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
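The patch procedure above, written as a Bourne shell script so that each step is checked before the next one runs. This is an added example, not part of the CIAC bulletin or of Sun's patch. The patch file name, the expected sum(1V) values "31440 239", the daemon, socket and lock-file paths, and the expected mode and ownership all come from the bulletin; ARCH and OSREL are hypothetical operator-supplied settings that pick the sun{3,3x,4,4c}/{4.1,4.1.1}/lpd subdirectory, and the script file name lpd-patch.sh is likewise assumed. Two points the bulletin's command transcript leaves to the operator are made explicit: the checksum gate fails closed (a mismatch or an unreadable file stops everything before uncompress runs), and the PID search matches the command field exactly, so the "grep lpd" line is never killed and every running copy of lpd is found. Note that sum(1V) is a 16-bit checksum: it catches a damaged transfer, not a deliberately altered file.

```shell
#!/bin/sh
# Added example: the CIAC B-30 lpd patch procedure as a script that fails
# closed on a checksum mismatch, finds every running /usr/lib/lpd, and
# checks the installed binary's owner, group and mode before restarting
# the daemon.  Not part of the CIAC bulletin or of Sun's patch.
# File name, sum values, paths and modes are from the bulletin; ARCH and
# OSREL are hypothetical operator-supplied inputs.

PATCH_FILE=${PATCH_FILE:-100305-01.tar.Z}
EXPECTED_SUM=31440      # "31440 239" as given in the bulletin
EXPECTED_BLOCKS=239
ARCH=${ARCH:-4c}        # hypothetical default: sun4c
OSREL=${OSREL:-4.1.1}   # hypothetical default: SunOS 4.1.1
LPD=/usr/lib/lpd

# verify_sum FILE SUM BLOCKS: succeed only if `sum FILE` reports exactly
# SUM and BLOCKS.  Fields are compared numerically, so zero padding that
# some sum(1) implementations print does not matter.  sum is a 16-bit
# checksum: it detects a corrupted transfer, not a deliberately altered
# file.
verify_sum() {
    set -- "$1" "$2" "$3" $(sum "$1" 2>/dev/null)
    [ "$#" -ge 5 ] || return 1              # no output: file unreadable
    [ "$4" -eq "$2" ] && [ "$5" -eq "$3" ]
}

# lpd_pids: read `ps -ax` output on stdin and print the PID of every
# /usr/lib/lpd process.  Matching the command field exactly skips the
# "grep lpd" line the bulletin warns about and finds multiple copies.
lpd_pids() {
    awk -v cmd="$LPD" '$NF == cmd { print $1 }'
}

# check_install FILE OWNER GROUP MODE: compare the ls -l mode string,
# owner and group of FILE with the expected values (the bulletin expects
# -rwsr-sr-x root daemon for the new lpd).  A trailing ".", "+" or "@"
# that some ls versions append to the mode is ignored.
check_install() {
    set -- "$1" "$2" "$3" "$4" $(ls -ld "$1" 2>/dev/null)
    [ "$#" -ge 8 ] || return 1
    [ "${5%[.+@]}" = "$4" ] && [ "$7" = "$2" ] && [ "$8" = "$3" ]
}

# install_lpd NEWBIN: the bulletin's install steps.  Ownership is changed
# before chmod so that a chown(2) that clears set-id bits cannot leave
# lpd without setuid/setgid; the final check would catch that anyway.
install_lpd() {
    mv "$LPD" "$LPD.FCS" && chmod 100 "$LPD.FCS" || return 1
    cp "$1" "$LPD" && chown root "$LPD" && chgrp daemon "$LPD" &&
        chmod 6755 "$LPD" || return 1
    check_install "$LPD" root daemon -rwsr-sr-x
}

# main: the whole procedure in the bulletin's order, stopping at the
# first failed step.
main() {
    verify_sum "$PATCH_FILE" "$EXPECTED_SUM" "$EXPECTED_BLOCKS" || {
        echo "$PATCH_FILE: checksum mismatch, DO NOT proceed" >&2
        return 1
    }
    uncompress "$PATCH_FILE" && mkdir sunpatch &&
        (cd sunpatch && tar xvf "../${PATCH_FILE%.Z}") || return 1
    for pid in $(ps -ax | lpd_pids); do kill -9 "$pid"; done
    install_lpd "sunpatch/sun$ARCH/$OSREL/lpd" || return 1
    rm -f /dev/printer /var/spool/lpd.lock
    "$LPD"
    ps -ax | lpd_pids | grep -q . || { echo "lpd did not restart" >&2; return 1; }
    rm -r sunpatch "${PATCH_FILE%.Z}"
}

# Only act when explicitly asked: `sh lpd-patch.sh run` as root, from the
# directory holding 100305-01.tar.Z.
case "${1:-}" in run) main ;; esac
```

Run it as root on the affected host with ARCH and OSREL set for that machine; sourcing the file without the "run" argument only defines the functions, which is how verify_sum, lpd_pids and check_install can be exercised against constructed input on any system before the script is trusted on a production print server.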