CIAC Advisory number A-32
 ________________________________________________________________________
 THE COMPUTER INCIDENT ADVISORY CAPABILITY
 
 CIAC
 
 INFORMATION BULLETIN
 ________________________________________________________________________
 
 SunView/SunTools selection_svc Vulnerability
 
 August 23, 1990, 1600 PST	                            Number A-32
 
 CIAC has been advised that there is a vulnerability (Sun Bug ID
 1039576) in systems running SunView under SunOS 4.x (or SunTools under
 SunOS 3.x).  The SunView/SunTools selection_svc facility may allow a
 remote user unauthorized access to selected files from a computer
 running SunView.   The problem exists in Sun3 and Sun4 platforms
 running SunOS 3.x, 4.0, 4.0.1, 4.0.3, and 4.1 as well as 386i platforms
 running SunOS 4.0, 4.01, and 4.0.2.   Because the selection_svc process
 continues to run until terminated, this vulnerability can be exploited
 even after a user changes to another window system after running
 SunView/SunTools or logs off the system.  (The problem is in
 SunView/SunTools, however, and not with other window systems such as
 X11.)  CERT/CC provides additional details:
 
 On Sun3 and Sun4 systems, a remote system can read any file that is
 readable to the user running SunView.  On the 386i, a remote system
 can read any file on the workstation running SunView regardless of
protections.  Note that if root runs SunView, all files are
 potentially accessible by a remote system.  If the password file with
 the encrypted passwords is world readable, an intruder can take the
 password file and attempt to guess passwords.
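Two facts above drive a simple defender's check: selection_svc keeps running after its owner logs out, and a root-run SunView exposes every file on the host. The following shell script is an added example, not part of the CIAC bulletin or Sun's patch; it assumes the process shows up under the name selection_svc and works on constructed "user pid command" lines standing in for ps output and a constructed list of logged-in users standing in for who output.

```shell
#!/bin/sh
# Added example: flag selection_svc processes that have outlived their
# owner's login session, and any that run as root (which would expose
# every file on the workstation to a remote reader).

# Constructed sample of "USER PID COMMAND" lines (stand-in for ps output).
PS_SAMPLE='root 112 selection_svc
alice 2041 selection_svc
bob 2300 sunview
carol 2555 selection_svc'

# Constructed list of currently logged-in users (stand-in for who output).
WHO_SAMPLE='alice
bob'

# find_stale_selection_svc PS_LINES WHO_USERS
# Prints one "PID USER REASON" line per finding.  A real run would feed
# it live ps and who output instead of the constructed samples.
find_stale_selection_svc() {
    ps_out=$1
    who_out=$2
    printf '%s\n' "$ps_out" | while read -r user pid cmd; do
        [ "$cmd" = "selection_svc" ] || continue
        # Root-owned instance: every file is readable regardless of mode.
        if [ "$user" = "root" ]; then
            echo "$pid $user running-as-root"
            continue
        fi
        # Owner no longer logged in: the daemon is lingering after logout.
        if ! printf '%s\n' "$who_out" | grep -qx "$user"; then
            echo "$pid $user owner-logged-out"
        fi
    done
}

# Stand-alone run over the constructed samples.
find_stale_selection_svc "$PS_SAMPLE" "$WHO_SAMPLE"
```

Each reported PID is a candidate for termination until the Sun patch is applied; the "running-as-root" case is the one to handle first.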
 
 A patch for this vulnerability is available for Sun 4.x systems.  Call
 your local Sun answer center, phone (800) USA-4SUN, anonymous ftp into
 sun-fixes on uunet.uu.net, or send e-mail to:
 
 [email protected]
 
 Sun Microsystems has recently established a customer warning system for
 reporting new vulnerabilities and disseminating relevant information.
 Send e-mail to:
 
 [email protected]
 
 or leave a message on the voice mail system at (415) 336-7205.  Please
 also advise CIAC of any new vulnerabilities you may discover.
 
 For additional information or assistance, please contact CIAC:
 
 David Brown
 (415) 423-9878 or (FTS) 543-9878
 FAX:  (415) 423-0913, (FTS) 543-0913 or (415) 422-4294
 
 CIAC's 24-hour emergency hot-line number is (415) 971-9384.   If you
 call the emergency number and there is no answer, please let the number
 ring until voice mail comes on.  Please leave a voice mail message;
 someone will return your call promptly.  You may send e-mail to:
 
 [email protected]
 
 CERT/CC and Brad Powell of Sun Microsystems provided information
 included in this bulletin.  Neither the United States Government nor
 the University of California nor any of their employees, makes any
 warranty,  expressed or implied, or assumes any legal liability or
 responsibility for the accuracy, completeness, or usefulness of any
 information, product, or process disclosed, or represents that its use
 would not infringe privately owned rights.  Reference herein to any
specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
 or imply its endorsement, recommendation, or favoring by the United
 States Government or the University of California.  The views and
 opinions of authors expressed herein do not necessarily state or
 reflect those of the United States Government nor the University of
 California, and shall not be used for advertising or product
 endorsement purposes.