Weekly Solaris Security Roundup

Week ending 19th May 2000

Name:
Email:

Security Portal
Weekly Newsletter

Current Weekly Solaris Security Roundup

By Seán Boran, sean AT boran.com, for Security Portal

Contents:
  The Rundown
  Advisories & Security Bulletins
  News
  Mailing lists /Bugtraq
  Tip of the Week


The Rundown

One new problem with Solaris has popped up, a (locally exploitable) buffer overflow in lpset. See the Bugtraq section.


CERT Advisories & Sun Security Bulletins

none this week.


News

Sunworld are analysing Solaris8:
http://www.sunworld.com/sunworldonline/swol-05-2000/swol-05-supersys.html

Sun give you 10 reasons why you might want Solaris 8:
http://sunsolve.Sun.COM/pub-cgi/show.pl?target=content/content6


Mailing lists, Bugtraq

Bugtraq vulnerabilities this week - Solaris:

2000-05-12: Solaris netpr Buffer Overflow Vulnerability
Description: A locally exploitable buffer overrun exists in the 'netpr' program, on Solaris 2.6 and 7, on both Sparc and x86. The overflow is present in the -p option, normally
used to specify a printer. By specifying a long buffer containing machine
executable code, it is possible to execute arbitrary commands as root.
On Sparc, the exploits provided will spawn a root shell, whereas on x86
it will create a setuid root shell in /tmp.

Fixes:

Bugtraq vulnerabilities this week - Applications that run on Solaris:

2000-05-10: Netscape Communicator /tmp Symlink Vulnerability
2000-05-10: Matt Wright FormMail Environmental Variables Disclosure Vulnerability
2000-05-10: Netscape Navigator and Communicator Invalid SSL Certificate Warning Bypass Vulnerability

Summary of FOCUS-Sun Discussions:

05/15/00 Re: netpr vulnerability
05/14/00 Bugtraq Stats for the last 3 years available now.
05/12/00 Re: Running Apache on chroot() with Solaris 8
05/08/00 portal security


Tip of the Week

The Solaris7 mount option noatime allows mounting file systems without updating inodes at each access to any file. This will significantly speed up services like web caches or news servers, which do a lot of file IO with small files.

The Solaris7 UFS logging mount feature keeps a transaction log within the mounted partition. The advantage is an almost instantaneous filesystem check - which may take a considerable while with larger harddisks, e.g. 18 GB. The disadvantage is the additional time spent writing the transaction log. Not recommended it for cache nor news partitions.


Add SecurityPortal.com Top News to your My Netscape page
Get SecurityPortal for your PalmPilot!
Home | Top News | Research Center | Search | Feedback | About SecurityPortal
Security Portal