SUN MICROSYSTEMS SECURITY BULLETIN: #00112 This information is only to be used for the purpose of alerting customers to problems. Any other use or re-broadcast of this information without the express written consent of Sun Microsystems shall be prohibited. Sun expressly disclaims all liability for any misuse of this information by any third party. --------------------------------------------------------------------------- All patches listed are available through your local Sun answer centers worldwide as well as through anonymous ftp to ftp.uu.net. In the US on ~ftp/sun-dist directory and in Europe on mcsun.eu.net on ~ftp/sun/fixes directory. Please refer to the BugID and PatchID when requesting patches from Sun answer centers. Please refer to the information below for additional information. -------------------------------------------------------------------------- Sun Bug ID : 1063470 Synopsis : SunOS 4.1.1 fsirand (random number generator) program could potentially allow the guessing of NFS file handles. The patched version of fsirand has been enhanced to provide greater randomness to the random number generator's seed. Sun Patch ID: 100424-01 Checksum of compressed tarfile 100424-01.tar.Z on ftp.uu.net = 63070 50 This patch should only be applied in conjunction with the latest version of the NFS jumbo patch, currently 100173-07 for SunOS 4.1.1. The NFS jumbo patch must be applied before the fsirand patch. NFS jumbo and fsirand patches are being developed and tested for SunOS 4.0.3 and 4.1. An announcement will be made when these patches are available. In order to maintain a level of minimum security requirements on your Sun gateway systems, please note the suggestions that follow. Users may also wish to follow the advice given below for their other file servers that may be connected to potentially untrusted machines over a network. Sun recommends that you upgrade your version of SunOS to the most recent available (currently SunOS 4.1.1), since many improvements to the security of your system have been integrated into the most recent base operating system. In addition, you should install all security related patches applicable to your current version of SunOS. Sun suggests that you apply this patch and the NFS jumbo patch to your server if it is a gateway machine or if it exports critical file systems and is accessible across a potentially untrusted network (e.g. the Internet). Please refer to the README of patch 100424-01 for additional details. The fsirand fixes have been incorporated into SYS_V Rel 4. After applying this patch, /usr/etc/fsirand (see man page fsirand(8)) should be run on all potentially exportable partitions. Follow this with a system reboot to complete the installation of random inode generation numbers. Gateway machines should also apply Patch-ID# 100296-02, which fixes the mountd problem that allows an unprivileged client to take advantage of character strings in /etc/hosts and /etc/netgroup that are equal to or greater than 256. It is also strongly advised that /etc/exports (exports(5)) files on servers be examined and modified, if necessary, to permit only the level of file sharing that is necessary. The exports(5) file allows an administrator to limit the access (and type of access) of exported directories to specific client machines. For example, a directory can be exported read-only and root access can be granted to a specified set of clients only. Sun would like to thank Hans van Staveren, Leendert van Doorn, and Gene Spafford for bringing this problem to our attention. Kenneth L. Pon Sun Microsystems Software Security Coordinator