MCI Telecommunications internetMCI Security Group Report Name: iMCI MIIGS Security Alert Report Number: iMCISE:IMCIDEC:112096:01:P1R1 Report Date: 11/20/96 Report Format: Formal Report Classification: MCI Informational Report Reference: http://www.security.mci.net Report Distribution: iMCI Security, MCI Internal Internet Gateway Security (MIIGS), MCI Emergency Alert LiSt (MEALS) (names on file) ---------------------------------------------------------------------------- --- > > > ECO NUMBER: OSF360-350234 > ----------- > PRODUCT: Digital UNIX Operating System > -------- > UPDATED PRODUCT: Digital UNIX Operating System 3.2D > ---------------- > APPRX BLCK SIZE: 165 > ---------------- > APPRX BYTE COUNT: 72,100 > ----------------- > > >DIGITAL > >Cover Letter for Digital UNIX version 3.2D-1/3.2E-1 ECO Kit OSF360-350234 > > >ECO Kit OSF360-350234 Description >-------------------------------------- > > NOTE: The OSF360-350177 kit was released via > other mechanisms prior to inclusion of > the OSF360-350234 kit. > >PROBLEM: ( SSRT0379U, QAR 43739 ) (Patch ID: OSF360-350177) >******** >A potential security vulnerability has been discovered in 'mountd', where >under certain circumstances users may gain unauthorized access. Digital has >corrected this potential vulnerability. > >Also add the -a option flag to request the addresses for the hostname and >verify that the name and address correspond. This is similar to the >behavior of the rshd and rlogind daemons. > >PROBLEM: (HPXQ36487/QAR 45362) (Patch ID: OSF360-350234) >******** >'mountd' can die without logging the event in the daemon.log file and >without generating a core file. This can occur if the following >conditions are true: > > o The output from the "showmount -e host" command is greater than 4K > bytes long. > > o The "showmount -e host" command times out and issues the error: > > Can't do Exports rpc: RPC: Timed out > >The 'showmount' command has a 25 second time out, plus the typical >showmount request returns in less than a second. This problem has so >far only occurred when the NFS server is exporting a large number of >file systems hosted by a 3rd party product (where a large number was >greater than 100 of the 3rd party product's entries). > >Another way to cause this problem is if the 'showmount' command is >aborted via Control-C before the NFS server can return the list of >exported file systems. > >Other systems, such as PCs requesting a list of exported file systems, >could also cause this problem. > >Installation Overview >--------------------- > > This patch contains the following inventory: > > /usr/sbin/mountd subset OSFNFS350 > CHECKSUM: 60719 56 RCS: mountd.c Revision: >4.2.35.4 > > As root and assuming that the patch tar is in /tmp, unpack the patch. > > su > cd /tmp > tar xvf OSF360-350234.tar > > Preserve the old version: > > cp /usr/sbin/mountd /usr/sbin/mountd.orig > > Install the new files and hard links: > > cp /tmp/patches/mountd /usr/sbin/mountd > chown bin:bin /usr/sbin/mountd > chmod 755 /usr/sbin/mountd > > Stop and restart 'mountd' > > ps ax | grep mountd > kill -9 # get pid from the ps display > /usr/sbin/mountd <-options> # take -options from the ps display > > > Copyright Digital Equipment Corporation 1996. All Rights reserved. > > This software is proprietary to and embodies the confidential technology > of Digital Equipment Corporation. Possession, use, or copying of this > software and media is authorized only pursuant to a valid written license > from Digital or an authorized sublicensor. > > This ECO has not been through an exhaustive field test process. > Due to the experimental stage of this ECO/workaround, Digital > makes no representations regarding its use or performance. The > customer shall have the sole responsibility for adequate protection > and back-up data used in conjunction with this ECO/workaround. > > > ===============================================================