From owner-freebsd-hackers Tue Jul 9 15:25:33 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA13383 for hackers-outgoing; Tue, 9 Jul 1996 15:25:33 -0700 (PDT)
Received: from novell.com (prv-ums.Provo.Novell.COM [137.65.40.4]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA13378 for ; Tue, 9 Jul 1996 15:25:30 -0700 (PDT)
Received: from INET-PRV-Message_Server by novell.com with Novell_GroupWise; Tue, 09 Jul 1996 16:25:23 -0600
Message-Id:
X-Mailer: Novell GroupWise 4.1
Date: Tue, 09 Jul 1996 16:32:38 -0600
From: Darren Davis
To: hackers@FreeBSD.org
Subject: FW: CERT Advisory CA-96.13 - Alien/OS Vulnerability (fwd)
Encoding: 45 Text
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability (fwd)

>CERT(sm) Advisory CA-96.13
>July 4, 1996
>
>Topic: ID4 virus, Alien/OS Vulnerability
>
>---------------------------------------------------------------------------
>
>The CERT Coordination Center has received reports of weaknesses in
>Alien/OS that can allow species with primitive information sciences
>technology to initiate denial-of-service attacks against MotherShip(tm)
>hosts. One report of exploitation of this bug has been received.
>
>When attempting takeover of planets inhabited by such races, a trojan
>horse attack is possible that permits local access to the MotherShip host,
>enabling the implantation of executable code with full root access to
>mission-critical security features of the operating system.
>
>The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or
>later, and all versions of Microsoft's Windows/95. CERT advises against
>initiating further planet takeover actions until patches are available
>from these vendors. If planet takeover is absolutely necessary, CERT
>advises that affected sites apply the workarounds as specified below.
>
>As we receive additional information relating to this advisory, we will
>place it in
>
> ftp://info.cert.org/pub/cert_advisories/CA-96.13.README
>
>We encourage you to check our README files regularly for updates on
>advisories that relate to your site.
>
>---------------------------------------------------------------------------
>
>I. Description
>
> Alien/OS contains a security vulnerability, which strangely enough
> can be exploited by a primitive race running Windows/95. Although
> Alien/OS has been extensively field tested over millions of years by
> EvilAliens, Inc., the bug was only recently discovered during a
> routine invasion of a backwater planet. EvilAliens notes that
> the operating system had never before been tested against a race
> with "such a kick-ass president."
>
> The vulnerability allows the insertion of executable code with
> root access to key security features of the operating system. In
> particular, such code can disable the NiftyGreenShield (tm)
> subsystem, allowing child processes to be terminated by unauthorized
> users.
>
> Additionally, Alien/OS networking protocols can provide a
> low-bandwidth covert timing channel to a determined attacker.
>
>
>II. Impact
>
> Non-privileged primitive users can cause the total destruction of
> your entire invasion fleet and gain unauthorized access to
> files.
>
>
>III. Solution
>
> EvilAliens has supplied a workaround and a patch, as follows:
>
> A. Workaround
>
> To prevent unauthorized insertion of executables, install a
> firewall to selectively vaporize incoming packets that do not
> contain valid aliens. Also, disable the "Java" option in
> Netscape.
>
> To eliminate the covert timing channel, remove untrusted
> hosts from routing tables. As tempting as it is, do not use
> target species' own satellites against them.
>
>
> B. Patch
>
> As root, install the "evil" package from the distribution tape.
>
> (Optionally) save a copy of the existing /usr/bin/sendmail and
> modify its permission to prevent misuse.
>
>
>---------------------------------------------------------------------------
>
>The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for
>providing information for this advisory.
>
>---------------------------------------------------------------------------