Home page logo

bugtraq logo Bugtraq mailing list archives

CERT Vendor-Initiated Bulletin VB-96.16 - Transarc Corp.
From: cert-advisory () cert org (CERT Bulletin)
Date: Tue, 17 Sep 1996 16:36:11 -0500


CERT(sm) Vendor-Initiated Bulletin VB-96.16
September 17, 1996

Topic: Solaris AFS/DFS Integrated login bug if user is in too many groups
Source: Transarc Corp.

To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from Transarc
Corp. Transarc urges you to act on this information as soon as
possible. Transarc contact information is included in the forwarded text
below; please contact them if you have any questions or need further

=======================FORWARDED TEXT STARTS HERE============================

- ----------------------------------------------------------------------

Topic:  Solaris AFS/DFS Integrated login bug if user is in too many
Source: Transarc Corp.
- --------------------------------

Problem: Vulnerability in Transarc DCE Integrated login for sites
running DFS

I. Description

On systems running the DCE Distributed File System (DFS), users placed
in more than NGROUPS_MAX-1 (usually 15) groups in the DCE registry and
in /etc/group will have an incorrect grouplist upon login.

For systems running both AFS and DFS, this limit is reduced to

The vulnerability is caused by a change in the setgroups(2) system
call under DFS, which can cause it to fail when passed a large set of
supplementary groups.  Thus, it can cause problems in
non-Transarc-supplied programs which use setgroups(2) if they do not
handle error conditions correctly.

Vulnerable products include Transarc DCE and DFS 1.1 for Solaris 2.4
and Solaris 2.5.  This vulnerability is not present on sites not
running DFS (even if they are running AFS).

II. Impact

Users with accounts on the system may gain unauthorized access to
resources.  Access to resources controlled by DCE/DFS is unaffected,
as the DCE PAC is correct.

Users without accounts on the system cannot take advantage of this

III. Solution

The following patches are available from Transarc:
        DCE/DFS 1.1 for Solaris 2.4:    patch 22
        DCE/DFS 1.1 for Solaris 2.5:    patch 2

A workaround is possible as well: simply ensure that no user is listed
in more than NGROUPS_MAX-3 groups in /etc/group (including the user's
primary group, which may not appear in /etc/group).  With this
workaround, only the primary group and groups which appear in
/etc/group will appear in the grouplist upon login.

Contact Transarc customer support by telephone at 412-281-5852 or
via email (dfs-help () transarc com) for additional information or

IV.  Other Platform Impact

HP has advised that this problem does not affect the HP product.
IBM has advised that this problem does not affect the IBM product.

========================FORWARDED TEXT ENDS HERE=============================

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key

CERT Contact Information
- ------------------------
Email    cert () cert org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890

CERT publications, information about FIRST representatives, and other
security-related information are available from

CERT advisories and bulletins are also posted on the USENET newsgroup

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request () cert org

CERT is a service mark of Carnegie Mellon University.

This file: ftp://info.cert.org/pub/cert_bulletins/VB-96.16.transarc

Version: 2.6.2


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]