INFORMATION BULLETIN
F-06: Novell UnixWare sadc, urestore, and suid_exec Vulnerabilities
December 14, 1994 0800 PST
PROBLEM: Security vulnerabilities exist in Novell UnixWare.
PLATFORMS: Novell UnixWare 1.1 on Intel-based platforms.
DAMAGE: Local users may gain privileged access to the system.
SOLUTION: Install fixes as described below.
VULNERABILITY ASSESSMENT: These vulnerabilities have been announced and openly discussed in an Internet forum. CIAC urges sites to install these fixes as soon as possible.
Critical Information about the Novell UnixWare Vulnerabilities
CIAC has received information from Novell regarding vulnerabilities in
UnixWare 1.1 system software. These vulnerabilities will allow local users
to gain privileged access to the system. The Novell advisory announcing
these vulnerabilities and available fixes is reprinted in its entirety below.
Please refer any questions to CIAC.
[Begin Novell Advisory]
Recently, there were three security advisories posted on the
"net" associated with several versions of the Unix Operating System.
These advisories are related to the following:
/usr/lib/sa/sadc     The command is sgid-on-exec to "sys"
/usr/sbin/urestore   The command is suid-on-exec to "root"
suid_exec feature    This pertains to "ksh".
One of the operating system versions affected was the UnixWare 1.1
product distributed by Novell, Inc. Listed below are the results of
the investigation that took place concerning the affected binaries:
With respect to the "sadc" problem, the "sadc" binary in the
UnixWare 1.1 product has been modified such that it no longer
poses a security threat.
This modification is provided as PTF683 and is available from
Novell Technical Support at (800) 486-4835.
With respect to the "urestore" problem, this requires an attribute
modification to remove the suid-on-exec bit. The functionality of
"urestore" should remain unchanged. This modification is also
included in PTF683.
The last advisory, suid_exec for ksh, does not apply to the version
of "ksh" supplied with the UnixWare 1.1 product.
This advisory relates to a feature in "ksh" that allows for the
execution of suid-on-exec shell scripts. Since the UnixWare 1.1
product provides this capability in the exec(2) system call in
the kernel, the UnixWare 1.1 product does not need to set that
DEFINE value when compiling "ksh" to achieve this capability and
hasn't since SVR4.0.
Novell, Inc. has sent source fixes to all SVR4.0, SVR4.2, and SVR4.2MP
OEM customers for both the "sadc" and "urestore" advisories. These vendors
should be making them available to licensees of their SVR4.X-based operating
systems. If you are using any of the versions mentioned above, you should
contact the appropriate vendor to obtain their official update.
[End Novell Advisory]
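As an added example, not part of the CIAC bulletin or of Novell's advisory, the following POSIX shell script checks the two binaries the advisory names for their suid/sgid-on-exec bits and applies the one change an administrator can make locally, clearing the suid bit from urestore as the advisory prescribes. The sadc fix is a replacement binary (PTF683) rather than a mode change, so sadc is only reported, never altered. The optional ROOT prefix argument, the function names and the script file name are assumptions introduced here so the checks can be exercised against a staging tree instead of the live system.

```shell
#!/bin/sh
# Added audit/remediation helper for the UnixWare 1.1 advisory above.
# Not from CIAC or Novell. Paths are the ones the advisory names; the
# ROOT prefix and the function names are assumptions made here.

SADC=/usr/lib/sa/sadc
URESTORE=/usr/sbin/urestore

# Normalize an optional ROOT prefix: "" or "/" means the live system.
norm_root() {
    r="${1:-}"
    printf '%s' "${r%/}"
}

# Print "path: suid|nosuid sgid|nosgid" (or "path: missing"). Always returns 0.
privbits() {
    f="$1"
    [ -e "$f" ] || { printf '%s: missing\n' "$f"; return 0; }
    s=; g=
    [ -u "$f" ] && s=suid
    [ -g "$f" ] && g=sgid
    printf '%s: %s %s\n' "$f" "${s:-nosuid}" "${g:-nosgid}"
}

# Exit 0 when ROOT/usr/sbin/urestore still carries the suid bit (exposed).
urestore_is_suid() {
    [ -u "$(norm_root "${1:-}")$URESTORE" ]
}

# Exit 0 when ROOT/usr/lib/sa/sadc carries the sgid bit. This is expected
# even after PTF683: the fix replaces the binary, it does not drop the bit.
sadc_is_sgid() {
    [ -g "$(norm_root "${1:-}")$SADC" ]
}

# Clear the suid bit from urestore and verify it is really gone.
# Exit 0 on success, 1 if chmod failed or the bit is still set, 2 if absent.
clear_urestore_suid() {
    f="$(norm_root "${1:-}")$URESTORE"
    [ -e "$f" ] || return 2
    chmod u-s "$f" || return 1
    [ ! -u "$f" ]
}

# Report both binaries under ROOT; exit 1 while urestore is still suid.
audit_unixware() {
    root="$(norm_root "${1:-}")"
    privbits "$root$SADC"
    privbits "$root$URESTORE"
    if urestore_is_suid "$root"; then
        printf 'urestore is suid-on-exec: clear the bit or install PTF683\n'
        return 1
    fi
    return 0
}

# Run as "sh unixware_privbits.sh /" to audit the live system, or pass a
# staging tree as ROOT. With no argument the functions are only defined.
[ $# -gt 0 ] && audit_unixware "$1"
```

Run the audit first; only if it reports urestore as suid should clear_urestore_suid be applied, and the advisory states urestore's functionality is unchanged without the bit. A reported sgid on sadc is not by itself a finding: confirm the PTF683 build is installed instead of touching its mode, since clearing it would break accounting data collection without fixing the flaw.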
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7 x 24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
UCRL-MI-119788