CERT^® Advisory CA-1991-21 NFS Jumbo Patch, SunOS 4.1

A complete revision history is at the end of this file.

The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning several vulnerabilities in Sun Microsystems, Inc. (Sun) Network File System (NFS) and the fsirand program. These vulnerabilities affect SunOS versions 4.1.1, 4.1, and 4.0.3 on all architectures.

Sun has provided separate patches for these vulnerabilities for SunOS 4.1.1, and has provided an initial patch for SunOS 4.1. Sun will be providing complete patches for 4.1 and 4.0.3 at a later date. On SunOS 4.1.1 systems, Sun states that patch 100173-07 must be installed before patch 100424-1. The patches are available through your local Sun Answer Centers worldwide as well as through anonymous ftp from the ftp.uu.net (192.48.96.2) system in the /sun-dist directory.

Fix                        PatchID        Filename            Checksum
NFS Jumbo 4.1.1            100173-07      100173-07.tar.Z     07044   209
NFS Jumbo 4.1              100121-08      100121-08.tar.Z     61464   287
fsirand 4.1.1              100424-01      100424-01.tar.Z     63070    50

Sun recommends that sites upgrade to SunOS 4.1.1 to benefit from the security improvements. In addition, they recommend the installation of all security-related patches applicable to the version of SunOS that you are running.

A general NFS security note: due to security flaws in the protocol, the CERT/CC recommends filtering SunRPC and NFS IP packets (sockets 111 and 2049) between the local network and the Internet. This will prevent intruders outside your local network from accessing your files.

NFS Jumbo Patch, SunOS 4.1.1

I. Description

This patch fixes several SunOS NFS bugs (not all security-related). The patch file, 100173-07.tar.Z, contains fixes for SunOS version 4.1.1. The BugIDs fixed in this patch are:

1039977 1032959 1029628 1037476 1038302 1034328 1045536 1030884 1045993
1047557 1052330 1053679 1041409 1065361 1066287 1064433 1070654

II. Impact

These vulnerabilities (and bugs) have multiple impacts, including crashing the system, allowing unauthorized system access, and causing a problem with file group ownership.

III. Solution

Obtain the patch from Sun or from ftp.uu.net and install, following the provided instructions, with the following exception:

line 112 of the README file currently reads:

    mv /sys/`arch -k`/OBJ/nfs_subr.o /sys/arch -k`/OBJ/nfs_subr.o.FCS
                                          ^^^^^^^^

    mv /sys/`arch -k`/OBJ/nfs_subr.o /sys/`arch -k`/OBJ/nfs_subr.o.FCS
                                          ^^^^^^^^^

NFS Jumbo Patch, SunOS 4.1

I. Description

This patch fixes several SunOS NFS bugs (not all security-related). The patch file, 100121-08.tar.Z, contains fixes for SunOS version 4.1. The BugIDs fixed in this patch are:

1026933 1034007 1039977 1029628 1037476 1038327 1038302
1034328 1045536 1045993 1047557 1030884 1052330 1053679

II. Impact

These vulnerabilities (and bugs) have multiple impacts, including crashing the system, allowing unauthorized system access, and causing a problem with file group ownership.

III. Solution

Obtain the patch from Sun or from ftp.uu.net and install, following the provided instructions.

fsirand, SunOS 4.1.1

I. Description

A security vulnerability exists in SunOS NFS relating to the way in which it allocates file handles. The patch file, 100424-01.tar.Z, contains a fix for SunOS version 4.1.1. The BugID fixed in this patch is 1063470.

II. Impact

The fsirand program could allow a remote system user to guess NFS file handles, thereby potentially allowing them to mount and access your NFS file systems.

III. Solution

Obtain the patch from Sun or from ftp.uu.net and install, following the provided instructions. You must install PatchID 100173-07 before installing this patch.

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from

http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site

http://www.cert.org/

* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

Copyright 1991 Carnegie Mellon University.

September 18, 1997  Attached Copyright Statement