From rfp@vulnwatch.org Fri Apr 19 19:25:58 2002 From: Rain Forest Puppy To: vulnwatch@vulnwatch.org Date: Wed, 17 Apr 2002 00:10:41 +0000 (GMT) Subject: [VulnWatch] [Security Bulletin] (SSRT-541) Tru64 UNIX CDE, NFS and NIS related Potential Security Vulnerabilities (fwd) [[ RFP's note: A large gaggle of various problems...I wonder if any of these affect other unices. ]] ---------- Forwarded message ---------- Date: Tue, 16 Apr 2002 14:14:34 -0600 From: "Boren, Rich (SSRT)" Reply-To: Security Patch Mailing List To: Security Patch Mailing List Subject: [Security Bulletin] (SSRT-541) Tru64 UNIX CDE, NFS and NIS related Potential Security Vulnerabilities SECURITY BULLETIN: (SSRT-541) Tru64 UNIX CDE, NFS and NIS related Potential Security Vulnerabilities Posted at: http://ftp.support.compaq.com/patches/.new/security.shtml NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact. RELEASE DATE: APRIL, 2002 SEVERITY: See individual sections of PROBLEM SUMMARY SOURCE: Compaq Computer Corporation Compaq Services Software Security Response Team PROBLEM SUMMARY: A number of potential security vulnerabilities have recently been reported for CDE, libc, and NFS released with Tru64 UNIX V4.0F, V4.0G, V5.0A, V5.1 and V5.1A, where under certain circumstances, system integrity may be compromised by a malicious user. - CDE (severity high) o dtaction potential buffer overflow (SSRT0752U) o ttsession potential buffer overflow (SSRT0753U) o dtprintinfo potential buffer overflow (SSRT0757U, SSRT0788U) o dtspcd potential buffer overflow. (SSRT0782U) x-ref: (CVE CVE-2001-0803, CERT CA-2001-31, CA-2002-01) Compaq has not been able to reproduce the problem identified in the CERT advisory for any Compaq OS. However with the information available, we are including a code change for dtspcd that will further reduce any potential buffer overflow vulnerability. Buffer overflow attacks are commonly used to attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the set uid privilege. - Environment Variable LANG and LOCPATH (severity high) o libc (SSRT0771U) A libc environment variable corruption with LANG and LOCPATH , may cause a potential buffer overflow - NIS Network Information Service (severity moderate) o ypbind may core during nmap portscan (SSRT0781U) Core: A file that is a copy of the contents of a processes memory, that can be produced when that process is aborted by certain kinds of internal error. - NFS Network File System (severity moderate) (V4.0g pk3/BL17 & V5.0a pk3/BL17 only) o NFS Potential packet flood denial of service (DoS) (SSRT1-26) A remote user with malicious intent may cause a potential denial of service (DoS) with portmap server. Network DoS attacks make computer systems inaccessible by flooding a service, server or network with useless traffic. VERSIONS IMPACTED: TRU64 UNIX V5.1a PK1(BL1), V5.1 PK4(BL18), V5.0a PK3(BL17), V4.0g PK3(BL17), V4.0f PK7(BL18). RESOLUTION: The potential vulnerabilities noted below have been corrected and patches are now available for TRU64 UNIX. Compaq strongly recommends that systems be updated to at least the prerequisite version of TRU64 UNIX and PK release and then install the previously released security patches identified in the security advisory bulletin http://ftp.support.compaq.com/patches/.new/html/SSRT0742U-59U.shtml prior to installing these Early Release Patches. Early Release Patches (ERPs) are available for all supported versions of Tru64 UNIX and will be available in the next aggregate patch kits for each supported product version. Until these Tru64 UNIX fixes are generally available in mainstream patch kits, Compaq recommends use of the following Early Release Patches (ERP) kits: Tru64 UNIX 5.1A: Prerequisite: 5.1A with Patch Kit 1 (BL1) installed ERP Kit Name: T64V51AB1-C0011201-13438-ES-20020228.tar Kit Location: Tru64 UNIX 5.1: Prerequisite: 5.1 with Patch Kit 4 (BL18) installed ERP Kit Name: T64V51B18-C0102001-13428-ES-20020228.tar Kit Location: Tru64 UNIX 5.0A: Prerequisite: 5.0A with Patch Kit 3 (BL17) installed ERP Kit Name: T64V50AB17-C0018301-13396-ES-20020226.tar Kit Location: Tru64 UNIX 4.0G: Prerequisite: 4.0G with Patch Kit 3 (BL17) installed ERP Kit Name: T64V40GB17-C0010301-13400-ES-20020226.tar Kit Location: Tru64 UNIX 4.0F: Prerequisite: 4.0F with Patch Kit 7 (BL18) installed ERP Kit Name: DUV40FB18-C0067301-13427-ES-20020228.tar Kit Location: MD5 and SHA1 checksums are available in the public patch notice for the ERP kits. You may find information on how to verify MD5 and SHA1 checksums at: http://www.support.compaq.com/patches/whats-new.shtml NOTE: (1) Please review the README file(s) for each patch prior to installation. After completing the update, Compaq strongly recommends that you perform an immediate backup of your system disk so that any subsequent restore operations begin with updated software. Otherwise, you must reapply the update after a future restore operation. Also, if at some future time, you upgrade your system to a later patch release or version release, you may need to re-apply the appropriate ERP identified below. SUPPORT: For further information, contact your normal Compaq Support channel. SUBSCRIBE: To subscribe to automatically receive future Security Advisories from the Compaq's Software Security Response Team via electronic mail: http://www.support.compaq.com/patches/mailing-list.shtml REPORT: To report a potential security vulnerability with any Compaq supported product, send email mailto:security-ssrt@compaq.com or mailto:sec-alert@compaq.com Compaq appreciates your cooperation and patience. As always, Compaq urges you to periodically review your system management and security procedures. Compaq will continue to review and enhance the security features of its products and work with our customers to maintain and improve the security and integrity of their systems. "Compaq is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Compaq products the important security information contained in this Bulletin. Compaq recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Compaq does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Compaq will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin." Copyright 2002 Compaq Information Technologies Group, L.P. Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Compaq and the names of Compaq products referenced herein are, either, trademarks and/or service marks or registered trademarks and/or service marks of Compaq Information Technologies Group, L.P. Other product and company names mentioned herein may be trademarks and/or service marks of their respective owners.