PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT: SCO HOME DIRECTORY VULNERABILITY (AUTOMATED SYSTEM SECURITY
INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-25).
1.  ASSIST HAS RECEIVED INFORMATION INDICATING THAT SCO OPERATING
SYSTEMS MAY BE VULNERABLE TO A POTENTIAL COMPROMISE OF SYSTEM
SECURITY.  THIS VULNERABILITY ALLOWS UNAUTHORIZED ACCESS TO THE "DOS"
AND "ASG" ACCOUNTS, AND, AS A RESULT OF THIS ACCESS, UNAUTHORIZED
ACCESS TO THE "ROOT" ACCOUNT MAY ALSO OCCUR.  INFORMATION ABOUT THIS
VULNERABILITY AND HOW TO EXPLOIT IT HAS ALREADY BEEN WIDELY
DISTRIBUTED ON GLOBAL NETWORKS.  ALL RELEASES OF SCO ARE AFFECTED BY
THIS VULNERABILITY, INCLUDING C2 PRODUCTS.  A FULL LISTING OF
AFFECTED RELEASES AND VERSION NUMBERS IS LISTED BELOW.
SCO UNIX SYSTEM V/386 RELEASE 3.2 OPERATING SYSTEM
SCO UNIX SYSTEM V/386 RELEASE 3.2 OPERATING SYSTEM VERSION 2.0
SCO UNIX SYSTEM V/386 RELEASE 3.2 OPERATING SYSTEM VERSION 4.X
SCO UNIX SYSTEM V/386 RELEASE 3.2 OPERATING SYSTEM VERSION 4.0 WITH
         MAINTENANCE SUPPLEMENT VERSION 4.1 AND/OR VERSION 4.2
SCO NETWORK BUNDLE RELEASE 4.X
SCO OPEN DESKTOP RELEASE 1.X
SCO OPEN DESKTOP RELEASE 2.0
SCO OPEN DESKTOP LITE RELEASE 3.0
SCO OPEN DESKTOP RELEASE 3.0
SCO OPEN SERVER NETWORK SYSTEM RELEASE 3.0
SCO OPEN SERVER ENTERPRISE SYSTEM RELEASE 3.0
ASSIST AND THE SANTA CRUZ OPERATION RECOMMEND THAT ALL SITES USING
THESE SCO PRODUCTS TAKE ACTION TO ELIMINATE THE SOURCE OF
VULNERABILITY FROM AFFECTED SYSTEMS.  THIS PROBLEM WILL BE CORRECTED
IN UPCOMING RELEASES OF SCO OPERATING SYSTEMS. 
2.  BACKGROUND: THE HOME DIRECTORIES OF THE USERS "DOS" AND "ASG" ARE
/TMP AND /USR/TMP RESPECTIVELY. THESE DIRECTORIES ARE DESIGNED TO
HAVE GLOBAL WRITE PERMISSION.  THIS VULNERABILITY MAY ALLOW
UNAUTHORIZED USERS TO GAIN ACCESS TO THESE ACCOUNTS. THIS
VULNERABILITY MAY ALSO CORRUPT CERTAIN BINARIES IN THE SYSTEM WHICH
WOULD PREVENT REGULAR USERS FROM EXECUTING THE PROGRAMS AND INTRODUCE
A POTENTIAL FOR UNAUTHORIZED ROOT ACCESS.
3.  RECOMMENDATION: ALL AFFECTED SITES SHOULD FOLLOW THESE
INSTRUCTIONS:
A. LOG ONTO THE SYSTEM AS "ROOT"
B. CHOOSE THE FOLLOWING SEQUENCE OF MENU SELECTIONS FROM THE SYSTEM
ADMINISTRATION SHELL, WHICH IS INVOKED BY TYPING "SYSADMSH"
        1. ACCOUNTS-->USER-->EXAMINE-->
           [SELECT THE "DOS" ACCOUNT] -->IDENTITY
           -->HOME DIRECTORY-->CREATE-->PATH-->
           [CHANGE IT TO /USR/DOS INSTEAD OF /TMP]--> CONFIRM
        2. ACCOUNTS-->USER-->EXAMINE-->
           [SELECT THE "ASG" ACCOUNT] -->IDENTITY
           -->HOME DIRECTORY-->CREATE-->PATH-->
           [CHANGE IT TO /USR/ASG INSTEAD OF /USR/TMP]--> CONFIRM
C. IF DOS BINARIES HAVE BEEN MODIFIED, OR SITES ARE UNABLE TO
DETERMINE IF MODIFICATION HAS OCCURRED, ASSIST STRONGLY RECOMMENDS
REMOVING AND REINSTALLING THE DOS PACKAGE OF THE OPERATING SYSTEM
EXTENDED UTILITIES.  THIS CAN BE DONE USING CUSTOM(ADM).  SITES MAY
ALSO WANT TO CHECK THEIR SYSTEMS FOR SIGNS OF FURTHER COMPROMISE.
ADDITIONAL SECURITY ADVICE AND SUGGESTIONS CAN BE FOUND IN A SECURITY
CHECKLIST THAT CAN BE OBTAINED THROUGH ANONYMOUS FTP FROM CERT.ORG IN
PUB/TECH_TIPS/SECURITY_INFO, OR FROM THE ASSIST BBS GENERAL SECURITY
INFORMATION FILE SECTION, FILE GENRLSEC.TXT.
4.  IF YOU HAVE FURTHER QUESTIONS ABOUT THIS ISSUE, PLEASE CONTACT
SCO SUPPORT USING ONE OF THE METHODS LISTED BELOW, AND ASK FOR MORE
INFORMATION CONCERNING THE "SCO HOME DIRECTORY VULNERABILITY."
ELECTRONIC MAIL: SUPPORT@SCO.COM
USA/CANADA: 6AM-5PM PACIFIC DAYLIGHT TIME (PDT), 1-800-347-4381 
(VOICE), 1-408-427-5443  (FAX)
PACIFIC RIM, ASIA, AND LATIN AMERICAN CUSTOMERS: 6AM-5PM PACIFIC
DAYLIGHT TIME (PDT) 1-408-425-4726  (VOICE), 1-408-427-5443  (FAX)
EUROPE, MIDDLE EAST, AFRICA: 9AM-5:30PM BRITISH STANDARD TIME (BST)
+44 (0)923 816344 (VOICE), +44 (0)923 817781 (FAX)
5.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
PETE HAMMES.  THE ASSIST OFFICE CAN BE REACHED DURING DUTY HOURS
(06:30-17:00 EST), AT COMM (703) 756-7974, DSN 289.  AFTER DUTY
HOURS, HOLIDAYS AND WEEKENDS, ASSIST CAN BE REACHED BY PAGER AT (800)
759-7243, PIN 2133937.  THE ASSIST DUTY OFFICER WILL CALL YOU BACK
WITHIN 30 MINUTES, OR IF FASTER SERVICE IS REQUIRED, PREFIX YOUR
TELEPHONE NUMBER WITH '999' AND YOUR CALL WILL BE RETURNED WITHIN 5
MINUTES.  ASSIST CAN ALSO BE REACHED VIA MILNET (INTERNET) E-MAIL AT
ASSIST@ASSIST.IMS.DISA.MIL, OR BY LOGGING ON TO THE CISS ELECTRONIC
BULLETIN BOARD SYSTEM AT COMM (703) 756-7993/4, DSN 289, AND LEAVING
A MESSAGE FOR THE 'SYSOP'.
BT