mailing list archives
CERT Vendor-Initiated Bulletin VB-96.16 - Transarc Corp.
From: cert-advisory () cert org (CERT Bulletin)
Date: Tue, 17 Sep 1996 16:36:11 -0500
-----BEGIN PGP SIGNED MESSAGE-----
CERT(sm) Vendor-Initiated Bulletin VB-96.16
September 17, 1996
Topic: Solaris AFS/DFS Integrated login bug if user is in too many groups
Source: Transarc Corp.
To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from Transarc
Corp. Transarc urges you to act on this information as soon as
possible. Transarc contact information is included in the forwarded text
below; please contact them if you have any questions or need further
=======================FORWARDED TEXT STARTS HERE============================
Topic: Solaris AFS/DFS Integrated login bug if user is in too many
Source: Transarc Corp.
Problem: Vulnerability in Transarc DCE Integrated login for sites
On systems running the DCE Distributed File System (DFS), users placed
in more than NGROUPS_MAX-1 (usually 15) groups in the DCE registry and
in /etc/group will have an incorrect grouplist upon login.
For systems running both AFS and DFS, this limit is reduced to
The vulnerability is caused by a change in the setgroups(2) system
call under DFS, which can cause it to fail when passed a large set of
supplementary groups. Thus, it can cause problems in
non-Transarc-supplied programs which use setgroups(2) if they do not
handle error conditions correctly.
Vulnerable products include Transarc DCE and DFS 1.1 for Solaris 2.4
and Solaris 2.5. This vulnerability is not present on sites not
running DFS (even if they are running AFS).
Users with accounts on the system may gain unauthorized access to
resources. Access to resources controlled by DCE/DFS is unaffected,
as the DCE PAC is correct.
Users without accounts on the system cannot take advantage of this
The following patches are available from Transarc:
DCE/DFS 1.1 for Solaris 2.4: patch 22
DCE/DFS 1.1 for Solaris 2.5: patch 2
A workaround is possible as well: simply ensure that no user is listed
in more than NGROUPS_MAX-3 groups in /etc/group (including the user's
primary group, which may not appear in /etc/group). With this
workaround, only the primary group and groups which appear in
/etc/group will appear in the grouplist upon login.
Contact Transarc customer support by telephone at 412-281-5852 or
via email (dfs-help () transarc com) for additional information or
IV. Other Platform Impact
HP has advised that this problem does not affect the HP product.
IBM has advised that this problem does not affect the IBM product.
========================FORWARDED TEXT ENDS HERE=============================
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST).
We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.
Location of CERT PGP key
CERT Contact Information
Email cert () cert org
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
CERT publications, information about FIRST representatives, and other
security-related information are available from
CERT advisories and bulletins are also posted on the USENET newsgroup
To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request () cert org
CERT is a service mark of Carnegie Mellon University.
This file: ftp://info.cert.org/pub/cert_bulletins/VB-96.16.transarc
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----