~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INFORMATION TECHNOLOGY SECURITY ALERT Georgia Institute of Technology Information Resources Security Coordinator Alert number 99-01 (1999-01-05) Subject: Sun Solaris systems at risk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AFFECTED: Sun Solaris 2.5, 2.5.1, 2.5.1 patched, 2.6, 2.7 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ACTION REQUIRED: YES Unless you absolutely require its functionality, we recommend you disable the "autofsd" daemon, at least until a vendor patch is available. To do this, enter as root: /etc/init.d/autofs stop rm /etc/rc2.d/S74autofs (Note, this will prevent users from automatically mounting remote file systems.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DETAILS: A remote attacker can gain ROOT access to your machine over the network without having a login account. Based on recent experience, it is HIGHLY LIKELY YOU WILL BE COMPROMISED unless you take preventative action. If you are compromised, you will at a minimum have to erase your hard drive(s) and reload all software from original media. Please note: the "autofsd" daemon is enabled by default. Further details about the vulnerability are at . NOTE: We issued an alert about a similar/related vulnerability in SGI and IBM/AIX systems in December 1998. See: . ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reminder: The Georgia Tech Information Resources Security home page is at http://www.itis.gatech.edu/security/