PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER {ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS

U-1,232/DS-SIM {DCPO}

SUBJ: SUNOS NIS VULNERABILITY {AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-39}

1. DISCUSSION: THIS IS A PRIORITY ALERT THAT INTERRUPTS THE SEQUENCE OF THE BASELINE PACKAGE OF MESSAGES CURRENTLY BEING ISSUED BY ASSIST. ASSIST HAS RECEIVED INFORMATION CONCERNING SEVERAL VULNERABILITIES WITH NIS UNDER SUN MICROSYSTEMS, INC. SUNOS. THESE VULNERABILITIES EXIST IN NIS UNDER SUNOS 4.1, 4.1.1, AND 4.1.2, AND MAY OR MAY NOT EXIST IN EARLIER VERSIONS OF NIS. THE SECURITY VULNERABILITY EXISTS UNDER NIS AND COULD ALLOW UNAUTHORIZED ACCESS TO NIS INFORMATION. A USER ON A REMOTE HOST CAN OBTAIN COPIES OF THE NIS MAPS FROM A SYSTEM RUNNING NIS. THE REMOTE USER CAN ATTEMPT TO GUESS PASSWORDS FOR THE SYSTEM USING THE OBTAINED NIS PASSWORD MAP INFORMATION.

2. SUN HAS PROVIDED FIXES FOR SUNOS 4.1, 4.1.1, AND 4.1.2 FOR THESE VULNERABILITIES. THE PATCH FILE CONTAINING THESE FIXES IS AVAILABLE THROUGH YOUR LOCAL SUN ANSWER CENTER AND THROUGH ANONYMOUS FTP. NOTE THAT THESE FIXES WILL PROBABLY NOT BE COMPATIBLE WITH SUNOS 4.0.3 AND EARLIER VERSIONS OF THE OPERATING SYSTEM.

    FIX                                PATCHID   FILENAME         CHECKSUM
    /USR/ETC/{YPSERV,YPXFRD,PORTMAP}   100482-2  100482-02.TAR.Z  53416 284

PLEASE NOTE THAT SUN WILL OCCASIONALLY UPDATE PATCH FILES.

IN THE US, FTP TO FTP.UU.NET AND RETRIEVE THE PATCH FROM THE DIRECTORY {TILDA}FTP/SYSTEMS/SUN/SUN-DIST. IN EUROPE, FTP TO MCSUN.EU.NET AND RETRIEVE THE PATCH FROM THE {TILDA}FTP/SUN/FIXES DIRECTORY. THE PATCH MUST BE RETRIEVED IN BINARY MODE, THEN UNCOMPRESSED ON THE LOCAL SYSTEM. THE CHECKSUM OF THE COMPRESSED TARFILE 100482-02.TAR.Z ON FTP.UU.NET IS 53416 284.

THIS PATCH INCLUDES NEW VERSIONS OF THE UTILITIES YPSERV, YPXFRD, AND PORTMAP.
TO INSTALL THE PATCH ON YOUR SYSTEM, FOLLOW THE INSTRUCTIONS AVAILABLE IN THE README FILE WHICH ACCOMPANIES THE PATCH. IF YOU FIND THAT THE CHECKSUM IS DIFFERENT, PLEASE CONTACT SUN OR THE CERT/CC FOR VERIFICATION.

3. RECOMMENDATIONS: OBTAIN AND INSTALL THE PATCH FROM SUN OR FROM FTP.UU.NET AND FOLLOW THE INSTRUCTIONS PROVIDED IN THE PATCH "README" FILE.

A. AS ROOT, RENAME THE EXISTING VERSIONS OF /USR/ETC/{YPSERV,YPXFRD,PORTMAP} AND MODIFY THE PERMISSIONS TO PREVENT MISUSE:

    mv /usr/etc/ypserv /usr/etc/ypserv.orig
    mv /usr/etc/ypxfrd /usr/etc/ypxfrd.orig
    mv /usr/etc/portmap /usr/etc/portmap.orig
    chmod 0400 /usr/etc/ypserv.orig
    chmod 0400 /usr/etc/ypxfrd.orig
    chmod 0400 /usr/etc/portmap.orig

B. COPY THE NEW BINARIES INTO THE /USR/ETC DIRECTORY:

    cp `arch`/{4.1, 4.1.1, 4.1.2}/ypserv /usr/etc/ypserv
    cp `arch`/{4.1, 4.1.1, 4.1.2}/ypxfrd /usr/etc/ypxfrd
    cp `arch`/{4.1, 4.1.1, 4.1.2}/portmap /usr/etc/portmap
    chown root /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap
    chmod 755 /usr/etc/ypserv /usr/etc/ypxfrd /usr/etc/portmap

C. COPY THE SECURENETS FILE TO THE /VAR/YP DIRECTORY. ANY SITE THAT HAS AN EXISTING /VAR/YP/SECURENETS FILE SHOULD RENAME IT PRIOR TO COPYING THE NEW VERSION OF THE FILE.

    cp `arch`/{4.1, 4.1.1, 4.1.2}/securenets /var/yp
    chown root /var/yp/securenets
    chmod 644 /var/yp/securenets

D. EDIT THE /VAR/YP/SECURENETS FILE TO REFLECT THE CORRECT CONFIGURATION FOR YOUR SITE.

4. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE, PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED. ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT{AT-SIGN}DDN-CONUS.DDN.MIL."
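
An added example, not part of the original message or of Sun's patch: a Python check of a downloaded file against the checksum pair published in paragraph 2. It assumes the pair is BSD `sum` output (a 16-bit rotating checksum followed by a count of 1024-byte blocks), which the message does not state; the function names are illustrative.

```python
"""Check a download against a published BSD `sum` pair such as "53416 284"."""
import io
import sys

BLOCK = 1024  # assumption: BSD sum counts 1024-byte blocks, rounded up


def bsd_sum(stream, chunk=65536):
    """Return (checksum, blocks) for a binary stream, as BSD sum computes them."""
    checksum = 0
    total = 0
    while True:
        data = stream.read(chunk)
        if not data:
            break
        total += len(data)
        for byte in data:
            # Rotate the 16-bit accumulator right by one bit, then add the byte.
            checksum = (checksum >> 1) | ((checksum & 1) << 15)
            checksum = (checksum + byte) & 0xFFFF
    return checksum, (total + BLOCK - 1) // BLOCK


def parse_published(text):
    """Parse the 'CHECKSUM BLOCKS' pair as it is printed in the advisory."""
    parts = text.split()
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        raise ValueError("expected two decimal fields, got %r" % (text,))
    return int(parts[0]), int(parts[1])


def verify(stream, published):
    """True only when both the checksum and the block count match."""
    return bsd_sum(stream) == parse_published(published)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # e.g. python verify_sum.py 100482-02.TAR.Z "53416 284"
        with open(sys.argv[1], "rb") as fh:
            ok = verify(fh, sys.argv[2])
    else:
        # Constructed sample bytes, not the real patch file.
        ok = verify(io.BytesIO(b"abc"), "16556 1")
    print("checksum OK" if ok else "checksum MISMATCH: do not install")
    sys.exit(0 if ok else 1)
```

A mismatch is the expected result when the file was fetched in ASCII rather than binary mode. This 16-bit checksum detects transfer damage only and says nothing about where the file came from.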