Name: | |
Email: | |
Security Portal Weekly Newsletter |
Current Weekly Solaris Security Roundup
By Seán Boran, sean AT boran.com, for Security Portal
Contents:
The Rundown
Advisories & Security
Bulletins
News
Mailing lists /Bugtraq
Tip of the Week
One new problem with Solaris has popped up, a (locally exploitable) buffer overflow in lpset. See the Bugtraq section.
none this week.
Sunworld are analysing Solaris8:
http://www.sunworld.com/sunworldonline/swol-05-2000/swol-05-supersys.html
Sun give you 10 reasons why you might want Solaris 8:
http://sunsolve.Sun.COM/pub-cgi/show.pl?target=content/content6
Bugtraq vulnerabilities this week - Solaris:
2000-05-12: Solaris netpr Buffer Overflow Vulnerability
Description: A locally exploitable buffer overrun exists in the 'netpr' program, on Solaris 2.6 and 7, on both Sparc and x86. The overflow is present in the -p option, normally
used to specify a printer. By specifying a long buffer containing machine
executable code, it is possible to execute arbitrary commands as root.
On Sparc, the exploits provided will spawn a root shell, whereas on x86
it will create a setuid root shell in /tmp.Fixes:
- Removal of the setuid bit on the /usr/lib/lp/bin/netpr program will
eliminate this vulnerability. This may prevent some portions of the
network printing subsystem from working.- Sun has patches available for this vulnerability. At the present time, they
are only available to contract customers.
Solaris 8.0 x86: patch 109321-01 SPARC patch 109320-01
Solaris 7.0 x86: patch 107116-04 SPARC patch 107115-04
Solaris 2.6 x86: patch 106236-05 SPARC patch 106235-05
Bugtraq vulnerabilities this week - Applications that run on Solaris:
2000-05-10: Netscape Communicator /tmp Symlink Vulnerability
2000-05-10: Matt Wright FormMail Environmental Variables Disclosure Vulnerability
2000-05-10: Netscape Navigator and Communicator Invalid SSL Certificate Warning Bypass Vulnerability
Summary of FOCUS-Sun Discussions:
05/15/00 Re: netpr vulnerability
05/14/00 Bugtraq Stats for the last 3 years available now.
05/12/00 Re: Running Apache on chroot() with Solaris 8
05/08/00 portal security
The Solaris7 mount option noatime allows mounting file systems without updating inodes at each access to any file. This will significantly speed up services like web caches or news servers, which do a lot of file IO with small files.
The Solaris7 UFS logging mount feature keeps a transaction log within the mounted partition. The advantage is an almost instantaneous filesystem check - which may take a considerable while with larger harddisks, e.g. 18 GB. The disadvantage is the additional time spent writing the transaction log. Not recommended it for cache nor news partitions.
Add SecurityPortal.com Top News to your My Netscape page | |
Get SecurityPortal for your PalmPilot! | |
Home | Top News | Research Center | Search | Feedback | About SecurityPortal | |