X-Priority: 2 (High) Date: Tue, 01 Dec 1998 16:43:41 -0500 To: csr@smash.gatech.edu, snag@gt.ed.net, information-technology@oit.gatech.edu From: Ray Spalding Subject: GT/IRSC ALERT: Silicon Graphics and IBM/AIX systems at risk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INFORMATION TECHNOLOGY SECURITY ALERT Georgia Institute of Technology Information Resources Security Coordinator Alert number 98-08 (1998-12-01) Subject: Silicon Graphics and IBM/AIX systems at risk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AFFECTED: IBM AIX 4.3 SGI IRIX 6.2, 6.3, 6.4, 6.5, 6.5.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ACTION REQUIRED: YES If you operate either a Silicon Graphics IRIX system or an IBM AIX system, then you must either disable the "autofsd" daemon or apply a vendor patch or upgrade. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DETAILS: A remote attacker can gain ROOT access to your machine over the network without having a login account. Based on recent experience, it is HIGHLY LIKELY YOU WILL BE COMPROMISED unless you take preventative action. If you are compromised, you will at a minimum have to erase your hard drive(s) and reload all software from original media. Please note: the "autofsd" daemon is enabled by default. In lieu of applying patches, you may disable the "autofsd" daemon by entering, as root, one of the following commands and then rebooting. (Note, this will prevent users from automatically mounting remote file systems.) On SGI systems: chkconfig autofs off On IBM systems: stopsrc -s automountd Further information regarding SGI IRIX systems is at: . Further information regarding IBM AIX systems is at: . Further details about the vulnerability are at . ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reminder: The Georgia Tech Information Resources Security home page is at http://www.itis.gatech.edu/security/