Date: Tue, 09 Jul 1996 16:32:38 -0600 From: Darren Davis <DARREND@novell.com> To: hackers@FreeBSD.org Subject: FW: CERT Advisory CA-96.13 - Alien/OS Vulnerability (fwd) Message-ID: <s1e287f3.035@novell.com>
next in thread | raw e-mail | index | archive | help
Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability (fwd)>CERT(sm) Advisory CA-96.13>July 4, 1996>>Topic: ID4 virus, Alien/OS Vulnerability>>--------------------------------------------------------------------------->>The CERT Coordination Center has received reports of weaknesses in>Alien/OS that can allow species with primitive information sciences>technology to initiate denial-of-service attacks against MotherShip(tm)>hosts. One report of exploitation of this bug has been received.>>When attempting takeover of planets inhabited by such races, a trojan>horse attack is possible that permits local access to the MotherShip host,>enabling the implantation of executable code with full root access to>mission-critical security features of the operating system.>>The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or>later, and all versions of Microsoft's Windows/95. CERT advises against>initiating further planet takeover actions until patches are available>from these vendors. If planet takeover is absolutely necessary, CERT>advises that affected sites apply the workarounds as specified below.>>As we receive additional information relating to this advisory, we will>place it in>> ftp://info.cert.org/pub/cert_advisories/CA-96.13.README>>We encourage you to check our README files regularly for updates on>advisories that relate to your site.>>--------------------------------------------------------------------------->>I. Description>> Alien/OS contains a security vulnerability, which strangely enough> can be exploited by a primitive race running Windows/95. Although> Alien/OS has been extensively field tested over millions of years by> EvilAliens, Inc., the bug was only recently discovered during a> routine invasion of a backwater planet. EvilAliens notes that> the operating system had never before been tested against a race> with "such a kick-ass president.">> The vulnerability allows the insertion of executable code with> root access to key security features of the operating system. In> particular, such code can disable the NiftyGreenShield (tm)> subsystem, allowing child processes to be terminated by unauthorized> users.>> Additionally, Alien/OS networking protocols can provide a> low-bandwidth covert timing channel to a determined attacker.>>>II. Impact>> Non-privileged primitive users can cause the total destruction of> your entire invasion fleet and gain unauthorized access to> files.>>>III. Solution>> EvilAliens has supplied a workaround and a patch, as follows:>> A. Workaround>> To prevent unauthorized insertion of executables, install a> firewall to selectively vaporize incoming packets that do not> contain valid aliens. Also, disable the "Java" option in> Netscape.>> To eliminate the covert timing channel, remove untrusted> hosts from routing tables. As tempting as it is, do not use> target species' own satellites against them.>>> B. Patch>> As root, install the "evil" package from the distribution tape.>> (Optionally) save a copy of the existing /usr/bin/sendmail and> modify its permission to prevent misuse.>>>--------------------------------------------------------------------------->>The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for>providing information for this advisory.>>--------------------------------------------------------------------------->>>>>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?s1e287f3.035>