NO RESTRICTIONS _____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Vulnerability in SunOS SPARC Integer Division September 17, 1991, 1200 PDT Number B-41 ------------------------------------------------------------------------------- PROBLEM: Integer division bug can be used to gain root PLATFORM: sun4, sun4c: SunOS release: 4.1, 4.1.1 DAMAGE: Unauthorized root access and potential system crash SOLUTIONS: Apply Sun Patch-ID# 100376-01 for SunOS 4.1 and 4.1.1; rebuild and install the operating system kernel with patched object file ------------------------------------------------------------------------------- Critical Facts About Sun Integer Division Bug CIAC has learned of a security problem with the integer division exception handling on SPARC (Including Sun 4 and 4c architectures) based computers running SunOS 4.1 and 4.1.1. This vulnerability can be used to gain unauthorized root access and can also result in system crashes. Sun is providing a patch (Sun Patch-ID# 100376-01) to correct this problem. This patch is available from Sun (call 1-800-USA-4SUN), or through anonymous ftp at uunet.uu.net (ip address 137.39.1.2) in the directory ~ftp/sun-dist (see bulletin B-33 for details on obtaining files from uunet.uu.net). The patch filename is 100376-01.tar.Z, and has a checksum (using the command "sum 100376-01.tar.Z") of "09989 11". Please note that Sun Microsystems sometimes updates patch files, resulting in a changed checksum result. If you find that the checksum is different from the one given above, please contact Sun Microsystems or CIAC for verification. The patch file must be uncompressed, and the tar files extracted. To apply the patch, replace the file /sys/sun{4,4c}/OBJ/crt.o with the crt.o file appropriate to your system which is contained in the patch. You must then rebuild the kernel, replace your copy of /vmunix, and reboot the system. Since the installation of this patch will vary depending on your individual system configuration, please refer to the System and Network Administration Manual on building and configuring a custom kernel for details on this procedure. For additional information or assistance, please contact CIAC: David Brown (510) 423-9878** or (FTS) 543-9878 FAX: (510) 423-8002** or (FTS) 543-8002 **Note: On September 1, 1991, CIAC's area code changed from 415 to 510 or send e-mail to: ciac@llnl.gov Previous CIAC bulletins are available via anonymous FTP from irbis.llnl.gov (ip number 128.115.19.60) CIAC gratefully acknowledges the timely response of Sun Microsystems in responding to this problem. Thanks also to the Computer Emergency Response Team at Carnegie-Mellon for some of the material used in this bulletin. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government nor the University of California, and shall not be used for advertising or product endorsement purposes.