CERT
 
Publications Catalog Historical Documents Authorized Users of "CERT" US-CERT Vulnerability Notes Database Vulnerability Disclosure Policy Courses Link to US-CERT cylab
 

CERT® Advisory CA-1993-13 SCO Home Directory Vulnerability

Original issue date: September 17, 1993
Last revised: September 19, 1997
Attached copyright statement

A complete revision history is at the end of this file.

The CERT Coordination Center has received information indicating that SCO Operating Systems may be vulnerable to a potential compromise of system security. This vulnerability allows unauthorized access to the "dos" and "asg" accounts, and, as a result of this access, unauthorized access to the "root" account may also occur.

The following releases of SCO products are affected by this vulnerability: 

     SCO UNIX System V/386 Release 3.2 Operating System
     SCO UNIX System V/386 Release 3.2 Operating System Version 2.0
     SCO UNIX System V/386 Release 3.2 Operating System version 4.x
     SCO UNIX System V/386 Release 3.2 Operating System Version 4.0 with
         Maintenance Supplement Version 4.1 and/or Version 4.2
     SCO Network Bundle Release 4.x
     SCO Open Desktop Release 1.x
     SCO Open Desktop Release 2.0
     SCO Open Desktop Lite Release 3.0
     SCO Open Desktop Release 3.0
     SCO Open Server Network System Release 3.0
     SCO Open Server Enterprise System Release 3.0

CERT and The Santa Cruz Operation recommend that all sites using these SCO products take action to eliminate the source of vulnerability from their systems. This problem will be corrected in upcoming releases of SCO operating systems.

I. Description

The home directories of the users "dos" and "asg" are /tmp and /usr/tmp respectively. These directories are designed to have global write permission.

II. Impact

This vulnerability may allow unauthorized users to gain access to these accounts. This vulnerability may also corrupt certain binaries in the system and thus prevent regular users from running them, as well as introduce a potential for unauthorized root access.

III. Solution

All affected sites should follow these instructions:

  1. Log onto the system as "root"
  2. Choose the following sequence of menu selections from the System Administration Shell, which is invoked by typing "sysadmsh" 

    a. Accounts-->User-->Examine-->
   [select the "dos" account] -->Identity
   -->Home directory-->Create-->Path-->
   [change it to /usr/dos instead of /tmp]--> confirm

b. Accounts-->User-->Examine-->
   [select the "asg" account] -->Identity
   -->Home directory-->Create-->Path-->
   [change it to /usr/asg instead of /usr/tmp]--> confirm

  3. If DOS binaries have been modified, or sites are unable to determine if modification has occurred, we strongly recommend removing and reinstalling the DOS package of the Operating System Extended Utilities. This can be done using custom(ADM).

    Sites may also want to check their systems for signs of further compromise. This can be facilitated through the use of programs such as COPS. Other security advice and suggestions can be found in CERT's security checklist. This checklist may be obtained through anonymous FTP from cert.org in pub/tech_tips/security_info.

    Note: COPS may be obtained from many sites, including via anonymous FTP from cert.org in the pub/tools directory.

If you have further questions about this issue, please contact SCO Support and ask for more information concerning this CERT advisory, CA-93.13, "SCO Home Directory Vulnerability."

Electronic mail: support@sco.COM

USA/Canada: 6am-5pm Pacific Daylight Time (PDT)

1-800-347-4381 (voice)
1-408-427-5443 (fax)

Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific (PDT)

1-408-425-4726 (voice)
1-408-427-5443 (fax)

Europe, Middle East, Africa: 9am-5:30pm British Standard Time (BST)

+44 (0)923 816344 (voice)
+44 (0)923 817781 (fax)

The CERT Coordination Center wishes to thank Christopher Durham of the Santa Cruz Operation for reporting this problem and his assistance in responding to this problem.
This document is available from: http://www.cert.org/advisories/CA-1993-13.html

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site

* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

Conditions for use, disclaimers, and sponsorship information

Copyright 1993 Carnegie Mellon University.

Revision History 
September 19,1997   Attached Copyright Statement