PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICE {ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS

U-1,289/DS-SIM {DCPO}

SUBJ: LATEST SECURITY MODS FOR CRAY UNICOS {AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-50}

1. PROBLEM: CRAY RESEARCH INCORPORATED HAS BEEN WORKING ON THE RESOLUTION OF SEVERAL CRITICAL SECURITY HOLES IN THE CRAY UNICOS OPERATING SYSTEM. SECURITY HOLES EXIST IN CLEANTMP, CRON, MAIL, NFS/AUTOMOUNT, AND MLS REXEC/REMSH/RSHD THAT COULD ALLOW NON-PRIVILEGED USERS TO OBTAIN UNAUTHORIZED SYSTEM PRIVILEGES. MORE EXPLICIT INFORMATION ON THESE PROBLEMS CAN BE FOUND IN CRAY FIELD ALERTS #122 ADDENDUM, #123 ADDENDUM, AND #126, OR BY CONTACTING CRAY DIRECTLY.

THE MODS LISTED BELOW ARE CRAY BINARY FILES AVAILABLE TO CORRECT EACH PROBLEM DESCRIBED. A VALID USER ON CRAYAMID.CRAY.COM CAN USE THE FTP "PUT" COMMAND TO TRANSFER MODS TO ANOTHER SYSTEM. NOTE THAT CRAYAMID.CRAY.COM DOES NOT SUPPORT THE FTP "GET" COMMAND. ALTERNATIVELY, CONTACT YOUR CRAY SUPPORT REPRESENTATIVE TO FACILITATE ACCESS TO THE APPROPRIATE MODS. MODS ARE AVAILABLE ON CRAYAMID.CRAY.COM IN THE SPECIFIED FILE AND DIRECTORY. EACH UNICOS MOD HAS A UNIQUE IDENTIFICATION AND MAY BE SPECIFIC TO A PARTICULAR VERSION OF THE UNICOS OPERATING SYSTEM. UNLESS OTHERWISE STATED, THE MOD WILL APPLY TO THE ENTIRE FAMILY OF CRAY HARDWARE, INCLUDING CRAY-1, X-MP, Y-MP, AND CRAY-2.

2. CRAY SPR 45292 - CLEANTMP ALLOWS ANY USER TO REMOVE ANY FILE.
REFERENCE CRAY FIELD ALERT NO. 123 - ADDENDUM.

   UNICOS VERSION   CRAY MOD NO.   CRAYAMID DIRECTORY
   5.1              D20705CMDA     /U/MODS/UNICOS.COMMON/5.1/CMD
   6.0              60CMD21458A    /U/MODS/UNICOS.COMMON/6.0/CMD
   6.1              6ECMD21458A    /U/MODS/UNICOS.COMMON/6.1/CMD

3. CRAY SPR 45753 - CRON ALLOWS ANY USER TO READ PROTECTED FILES.
REFERENCE CRAY FIELD ALERT NO. 123 - ADDENDUM.

   UNICOS VERSION   CRAY MOD NO.                CRAYAMID DIRECTORY
   5.1              51CMD22270C, 51CMD22562D    /U/MODS/UNICOS.COMMON/5.1/CMD
   6.0              CMD22671C                   /U/MODS/UNICOS.COMMON/6.0/CMD
   6.1              6ECMD22671A                 /U/MODS/UNICOS.COMMON/6.1/CMD

4. CRAY SPR 45743 - /BIN/MAIL ALLOWS USERS TO READ PROTECTED FILES.
REFERENCE CRAY FIELD ALERT NO. 123 - ADDENDUM.

   UNICOS VERSION   CRAY MOD NO.   CRAYAMID DIRECTORY
   5.1              51CMD22391B    /U/MODS/UNICOS.COMMON/5.1/CMD
   6.0              60CMD22391A    /U/MODS/UNICOS.COMMON/6.0/CMD
   6.1              6ECMD22391A    /U/MODS/UNICOS.COMMON/6.1/CMD

5. CRAY SPR 45455 - PORTMAP ALLOWS FORWARDING OF MOUNT REQUESTS.
REFERENCE CRAY FIELD ALERT NO. 122, NO. 122 - ADDENDUM.

CRAY FIELD ALERT NO. 122 DISCUSSES HOW ONE CAN OBTAIN A FILE HANDLE AND ACCESS FILES FROM AN UNAUTHORIZED MACHINE USING NFS. A MOUNT REQUEST FORWARDED THROUGH PORTMAP REACHES MOUNTD AS IF IT HAD ORIGINATED ON THE SERVER ITSELF, SO MOUNTD'S HOST-BASED EXPORT CHECKS ARE BYPASSED. THE FOLLOWING MODS CLOSED THIS VULNERABILITY BY MODIFYING PORTMAP TO DISABLE THE FORWARDING OF MOUNT REQUESTS ON A SERVER:

   UNICOS VERSION   CRAY MOD NO.   CRAYAMID DIRECTORY
   5.1              D20688RPCA     /U/MODS/NFS/5.1
   6.0              60RPC22343A    /U/MODS/RPC/6.0
   6.1              6ERPC22329A    /U/MODS/RPC/6.1

HOWEVER, THE ABOVE MODS MAY AFFECT RPC APPLICATIONS THAT DEPEND ON PORTMAP TO FORWARD THEIR RPC REQUESTS TO MOUNTD. ONE OF THESE APPLICATIONS IS THE AUTOMOUNT COMMAND, WHICH WILL NOT WORK IF THE MOD FROM FIELD ALERT NO. 122 IS INSTALLED. THE APPROPRIATE MODS TO ALLOW AUTOMOUNT TO WORK FOR CRAY NFS CLIENTS ARE GIVEN BELOW AND SHOULD BE INSTALLED TOGETHER WITH THE PORTMAP MOD ON ANY CRAY SYSTEM THAT RUNS AUTOMOUNT. FOR NON-CRAY SYSTEMS, CONTACT YOUR VENDOR-SPECIFIC TECHNICAL SUPPORT REPRESENTATIVE TO OBTAIN A VERSION OF THE AUTOMOUNTER THAT DOES NOT MAKE ITS REQUESTS VIA PORTMAP. {NOTE THAT THE SUNOS 4.1 VERSION OF AUTOMOUNT ALREADY CONTAINS THIS FIX.} REFER TO CRAY FIELD ALERT NO. 122 - ADDENDUM FOR MORE INFORMATION.

   UNICOS VERSION   CRAY MOD NO.   CRAYAMID DIRECTORY
   5.1              NONE, AUTOMOUNTER NOT SUPPORTED IN RELEASE 5.1
   6.0              60NFS23984A    /U/MODS/NFS/6.0
   6.1              6ENFS23984A    /U/MODS/NFS/6.E

6. CRAY SPR 45405 - RSHD UNDER UNICOS MLS GRANTS UNAUTHORIZED MLS PRIVILEGES.
CRAY SPR 46445 - REMSH/REXEC ALLOWS USERS TO OBTAIN PERMITS, LEVELS, AND COMPARTMENTS NOT IN THE UDB.
REFERENCE CRAY FIELD ALERT NO. 126.

   UNICOS VERSION   CRAY MOD NO.               CRAYAMID DIRECTORY
   5.1              E20716TCPA, E20717CMDA     /U/MODS/TCP_IP
   6.0              60TCP21801A                /U/MODS/TCP_IP
   6.1              6ETCP21801A                /U/MODS/TCP_IP

ASSIST RECOMMENDS THAT YOU UPGRADE YOUR VERSION OF UNICOS TO THE MOST RECENT AVAILABLE, SINCE MANY IMPROVEMENTS TO THE SECURITY OF YOUR SYSTEM HAVE BEEN INTEGRATED INTO THE MOST RECENT BASE OPERATING SYSTEM. IN ADDITION, YOU SHOULD INSTALL ALL MODS {LISTED ABOVE} APPROPRIATE TO YOUR UNICOS SYSTEM.

7. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE, PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED. ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT@DDN-CONUS.DDN.MIL".