Really serious security hole in Microport Unix (Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386)

Post by Bil » Fri, 15 Feb 1991 02:03:16

[I've crossposted this widely because there should be a lot of
people who care about this; however, I've directed followups to

Interactive's Unix isn't the only one with a really serious
security hole. Microport 3.0e, and possibly others from
Microport, has an equally awful hole and it is unfixable without
kernel hacking. Microport knows about it since I told them about
it; I don't know what, if anything, they are going to do about it.

If anyone out there wants information on this bug, I will send it
to you. Also, I have created a replacement for the offending
kernel module of 3.0e and can send that. However, I will only

your site is reasonably secure. If you are at the end of an
insecure (in my opinion, and I won't change it) path and you still
want this information, I will arrange a direct uucp connection to
send it. If that won't work, I'll try to arrange something.

I won't immediately describe the bug on the net in order to give
admins a chance to fix their systems before the crackers get a
whack at it. I can't even describe the general area that this bug
compromises without making it too easy to trigger it.

In a few weeks, after the expected deluge of "what *is* that bug"
messages, I will post the informational message I'm sending out.


Consider said various vicious and incendiary comments about brain
dead programmers and inadequate QA. These bugs should *never*
have made it out the door and, having done so, they should never
have lasted as long as they have. Of course, we can't blame the
guys at Interactive and Microport too much; they have had the
example (and largely uncommented code) of those guys who gave us
the still unfixed (or so I hear) System V inode bug.


1. Security from outside call-ins

I am on a Sun 3/260 running SunOS3.5.  Plugged into Serial Port A
I have a Microcom AX/2400 modem.  Some of the users at my site are
so dedicated that they actually want to be able to do some work
while they are home by way of calling in on their modems! (Can
you believe it?)  

Here's the question:  They (the users) have told me of other
systems they have been on (I believe Vax's) where they were
prompted to enter a system password before they were even asked for
their own.  This could be some cryptic type of combination of
letters and numbers, making it almost impossible for the average
hacker to break. Anyone have ideas on how I could incorporate this
into my passwd file, but only having it prompt those who are dialing
in on the modem?  This could get to be a real pain if they had to
respond to another password every time they logged in from a
workstation here at work.

Then, once the caller successfully types in the system password,
they would still have to enter their own password.  Is such a
thing possible?  Thanks.
Don Cox :=)
UUCP: ..!rutgers!rochester!kodak!fedsys!scotty!dec
DISCLAIMER: The opinions expressed are mine and not of my employer.
