Bugtraq mailing list archives
Huge security hole in SDRC IDEAS MS6 cad system.
From: sow () CAD LUTH SE (Sven-Ove Westberg)
Date: Fri, 5 Jun 1998 14:27:44 +0200
Hi. I have found a huge security hole with the SDRC's new CAD system IDEAS Master Series 6. The now use the orbixd as an interface daemon and they run it as root!! I looked at Internet and found that s they run the daemon anyone can get root access or access as any user, from anyhost that can acces the TCP/IP port on the machine. Here is some references on security ond orbixd. http://list-archive.qds.com/corba-dev-html.1997/1663.htmsl http://www.iona.com/support/whitepapers/orbixsecurity/ http://tappi.me.tut.fi/~paavo/corba_docs/prguide/part2/chapter6/imprep10.html The CAD system is the main CAD system at many big companies for example Ford. I have sent out a waring to the mailing list for IDEAS users, we have also filed a bug report but SDRC seems to ignore the security of their customers computers since we have not heard any thing from them. SDRC did not supply you with any documentation on the orbixd just a script that you should run as ROOT!!! I think that talks for it self. Other systems may also use the orbixd look out for them. This is the Orbix.cfg file. # Below are listed the main orbix environment configuration variables # and associated default values. An Orbix client, server or daemon will # use these values if, and only if, the relevant unix environment # variable is not defined. # the port number for the Orbix daemon: IT_DAEMON_PORT 1570 # the starting port number for daemon-run servers: IT_DAEMON_SERVER_BASE 1590 # the full path name of the error messages _file_: IT_ERRORS $(SDRC_ORBIX_ROOT)/lib/ErrorMsgs # the full path name of the Implmentation Repository _directory_ IT_IMP_REP_PATH $(SDRC_ORBIX_SPOOL)/Repository # the full path name of the Interface Repository _directory_: IT_INT_REP_PATH $(SDRC_ORBIX_SPOOL)/Interfaces # the full path name of the _directory_ holding the locator files: IT_LOCATOR_PATH $(SDRC_ORBIX_SPOOL)/Locator Did anyone know if I can run the orbixd under tcpwrapper? What is the two ports for? Did it listen on two ports? Regards, -- Sven-Ove Westberg, CAD, University of Lulea, S-971 87 Lulea, Sweden.
Current thread:
- CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- Re: CISCO PIX Vulnerability Rick Smith (Jun 10)
- <Possible follow-ups>
- Re: CISCO PIX Vulnerability David Wagner (Jun 03)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs Aleph One (Jun 04)
- Re: FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs matthew green (Jun 04)
- Huge security hole in SDRC IDEAS MS6 cad system. Sven-Ove Westberg (Jun 05)
- Security flaw in Accelerated-X 4.1 Stefan Laudat (Jun 08)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 05)
- Re: CISCO PIX Vulnerability Jamie Thain (Jun 20)