SSRT0583Q_40D_BL11 Compaq Computer Corporation Advisory TITLE: Tru64 UNIX V4.0 through V4.0e

TITLE: SSRT0583Q_40D_BL11 Compaq Computer Corporation Advisory
 
Copyright (c) Compaq Computer Corporation 1999.  All rights reserved.


UPDATE:                                         APR 22,  1999


  TITLE: Tru64 UNIX V4.0 through V4.0e
         - Potential Security Vulnerability - ref#: SSRT0583Q
 	"Executable stacks allow suid applications to exploit
	 security hole"         

  SOURCE: Compaq Computer Corporation
          Software Security Response Team 

 "Compaq is broadly distributing this Security Advisory in order
 to bring to the attention of users of Compaq products the
 important security information contained in this Advisory. 
 Compaq recommends that all users determine the applicability of
 this information to their individual situations and take
 appropriate action.

 Compaq does not warrant that this information is necessarily
 accurate or complete for all user situations and, consequently,
 Compaq will not be responsible for any damages resulting from
 user's use or disregard of the information provided in this
 Advisory."

----------------------------------------------------------------------
IMPACT:
                                                                       
 A potential vulnerability caused by suid application stacks being 
 executable could allow non-authorized users to exploit a buffer-
 overrun flaw in applications such as "at" and "inc". 
  
----------------------------------------------------------------------
RESOLUTION:

 This potential security problem has been resolved and a
 patch for this problem has been made available for 
 V4.0 through V4.0E.    
	
 *This solution will be included in the next distributed release of 
  Compaq's DIGITAL UNIX.  Also, the patch will be in the next base 
  level (BL12) of the setld patch kits.

  This patch may be obtained from the World Wide Web at the
  following address:

	http://www.support.compaq.com/patches
	
	Use the browse access option, select  DIGITAL_UNIX directory
	then choose the appropriate version directory and
	download the patch accordingly.
 
	NOTE: V4.0 and V4.0A are only available by contacting your 
                 normal Compaq Services support channel.

	PATCH ID:
	Compaq  Digital UNIX V4.0B       ssrt0583q_v40b_BL11.tar.Z
	Compaq  Digital UNIX V4.0C       ssrt0583q_v40c_BL11.tar.Z
	Compaq  Digital UNIX V4.0D       ssrt0583q_v40d_BL11.tar.Z
	Compaq Tru64 / UNIX V4.0E        ssrt0583q_v40e_BL1.tar.Z



NOTE: Prior to installing this patch you must have the following patches 
      installed on your system: 

        DIGITAL UNIX V4.0 -- Patch Kit 6 (BL9) 
        DIGITAL UNIX V4.0A -- Patch Kit 7 (BL10) 
        DIGITAL UNIX V4.0B -- Patch Kit 9 (BL11) 
        DIGITAL UNIX V4.0C -- Patch Kit 6 (BL11) 
        DIGITAL UNIX V4.0D -- Patch Kit 3 (BL11) 
        DIGITAL UNIX V4.0E -- Patch Kit 1 (BL1) 

        INSTALLATION INSTRUCTIONS: 

        cp /sys/BINARY/std_kern.mod /sys/BINARY/std_kern.mod_orig 
        cp ./std_kern.mod /sys/BINARY/std_kern.mod 
        chmod 0644 /sys/BINARY/std_kern.mod 
        chown bin:bin /sys/BINARY/std_kern.mod 
        cp /sys/BINARY/proc.mod /sys/BINARY/proc.mod_orig 
        cp ./proc.mod /sys/BINARY/proc.mod 
        chmod 0644 /sys/BINARY/proc.mod 
        chown bin:bin /sys/BINARY/proc.mod 

        Rebuild the kernel. 
  

   ADDITIONAL COMMENTS: 

        This solution will default to making the stack of all suid 
        programs to be not executable, hence closing the security hole. 
        However, please be aware that any user applications which rely 
        on the stack being executable will fail.  For situations where 
        the machines are being used behind firewalls and are not in fear 
        of security violations, you may explicitly turn this option off. 
        Meaning you may allow the stack of suid programs to be executable. 

        Changing from default (not executable) to executable: 
  

                1. add the following two lines to /etc/sysconfigtab: 

                proc:
 
                executable_stack = 1 

                OR 

                2. changing the executable_stack parameter from the 
                   command line as follows: 

                # sysconfig -r proc executable_stack=1 

        To reiterate, if you don't change the executable_stack parameter 
        explicitly (as shown by the two examples above) then the stack 
        for all suid programs will be, not executable. 

 
  Additional Considerations:
 
   If you believe you have, or aren't sure if you have, previously
   installed a patch to any of these modules you should contact your
   normal Compaq Service channel.
	
   Also, if you need further information, please contact your normal 
   Compaq Services support channel.

   Compaq appreciates your cooperation and patience. We regret any
   inconvenience applying this information may cause.

   As always, Compaq urges you to periodically review your system
   management and security procedures. 

   Compaq will continue to review and enhance the security
   features of its products and work with customers to maintain and
   improve the security and integrity of their systems.

  ____________________________________________________________  
  Copyright (c) Compaq Computer Corporation, 1999 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  ____________________________________________________________

Files on this server are as follows:

»ssrt0583q_40d_bl11.README
»ssrt0583q_40d_bl11.CHKSUM
»ssrt0583q_40d_bl11.tar.Z