
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
INFORMATION TECHNOLOGY SECURITY ALERT
Georgia Institute of Technology
Information Resources Security Coordinator
Alert number 99-01 (1999-01-05)
Subject: Sun Solaris systems at risk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFFECTED:

Sun Solaris 2.5, 2.5.1, 2.5.1 patched, 2.6, 2.7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ACTION REQUIRED: YES

Unless you absolutely require its functionality, we recommend you disable
the "autofsd" daemon, at least until a vendor patch is available.  To do
this, enter as root:

/etc/init.d/autofs stop
rm /etc/rc2.d/S74autofs

(Note: this will prevent users from automatically mounting remote file
systems.)
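
A check that the two steps above have taken effect, as an added example that
is not part of the original alert. It reports whether the start link still
exists and whether the daemon shows up in a "ps -e" listing. The function
names, the ROOT argument and the "automountd" process name are assumptions
not taken from the alert.

```shell
#!/bin/sh
# Added example, not from the alert: audit the autofs mitigation.
# Usage on a live host (as root):   ps -e | autofs_audit ""
# ROOT ($1) is an assumption so a mounted image or test tree can be checked.

RC_LINK=etc/rc2.d/S74autofs    # start link the alert tells you to remove

# Returns 0 if the start link is gone (daemon will not start at next boot).
autofs_boot_disabled() {
    if [ -f "$1/$RC_LINK" ] || [ -h "$1/$RC_LINK" ]; then
        return 1
    fi
    return 0
}

# Reads `ps -e` output on stdin; returns 0 if an automounter is listed.
# The alert names the daemon "autofsd"; the Solaris init script starts
# automountd. Match both, by prefix, in case ps truncates the name.
autofs_daemon_running() {
    found=1
    while read pid tty time cmd; do
        case "$cmd" in
            automoun*|autofsd*) found=0 ;;
        esac
    done
    return $found
}

# Prints one verdict for the tree at $1, using `ps -e` output from stdin.
autofs_audit() {
    if autofs_daemon_running; then running=yes; else running=no; fi
    if autofs_boot_disabled "$1"; then boot=off; else boot=on; fi
    case "$running/$boot" in
        no/off)  echo "mitigated" ;;        # both steps done
        yes/off) echo "running-now" ;;      # /etc/init.d/autofs stop not done
        no/on)   echo "enabled-at-boot" ;;  # rm of the start link not done
        yes/on)  echo "exposed" ;;          # neither step done
    esac
}
```

Anything other than "mitigated" means one of the two commands above still
needs to be run on that host.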
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DETAILS:
A remote attacker can gain ROOT access to your machine over the network
without having a login account.  Based on recent experience, it is HIGHLY
LIKELY YOU WILL BE COMPROMISED unless you take preventative action.  If you
are compromised, you will at a minimum have to erase your hard drive(s) and
reload all software from original media.

Please note: the "autofsd" daemon is enabled by default.

Further details about the vulnerability are at
<http://www.attrition.org/hosted/cop/cop-01.txt>.

NOTE: We issued an alert about a similar/related vulnerability in SGI and
IBM/AIX systems in December 1998.  See:
<http://www.itis.gatech.edu//security/alerts/98-08.html>.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reminder:
  The Georgia Tech Information Resources Security home page is at
  http://www.itis.gatech.edu/security/
