Weekly Solaris Security Roundup - 2000/06/05 to 2000/06/11


Weekly Solaris Security Roundup Archive

By Seán Boran, sean AT boran.com, for Security Portal


The Rundown

A quiet week for Sun: no new advisories or weaknesses, but a few interesting news items. The reference section has been updated.


CERT Advisories & Sun Security Bulletins


None this week.


News

Sunworld:

Hacker's toolchest, Techniques and tools for penetration testing
Discussion: Who paints the hacker image and why?

BigAdmin:

New Freeware section
GNAC Console Server
SunSolve Article: Hardware Diagnostics for Sun Systems: A Toolkit for System Administrators

SecurityFocus

A (Real-Audio) interview with Ravi Iyer, Senior Product Manager for Solaris Software at Sun. Topics include Solaris 8 and security.

Solarisguide:

Shell access security: An article on SSH from Devshed.
Why 100% Pure Java is a Crock From Samizdat Productions.

BSD Today: Delegating superuser tasks with sudo


Mailing lists, Bugtraq

Bugtraq vulnerabilities this week - Solaris:

none

Bugtraq vulnerabilities this week - Applications that run on Solaris:

2000-06-08: Lilikoi Ceilidh 2.60 Multiple Vulnerabilities
2000-06-08: Unify eWave ServletExec JSP Source Code Disclosure Vulnerability
2000-06-06: ISC innd 2.x Remote Buffer Overflow Vulnerability
2000-06-05: BRU BRUEXECLOG Environmental Variable Vulnerability

FOCUS-Sun discussions this week:

06/08/00 setuid Q.
06/07/00 solaris packages
06/05/00 High TCP connect timeout rate
06/05/00 No secure copy on Solaris 8?

Progress report on Yassp (the Solaris hardening tool), from the Developers' list:

First release is edging closer, discussions were on:
- renaming Yassp: no changes for now, but the main package will be renamed from SECclean to SANSsouci in the next release (SANSsouci means "without worry" in French, a nice word play)
- preparing the SANS release announcement
- possible improvement to the management of startup files (and how patches might undo Yassp's work).
- Improving the comments and settings in /etc/sshd_config
See also: Yassp site, Hardening Solaris (with Yassp)


Tip of the Week


SANS Report: How To Eliminate The Ten Most Critical Internet Security Threats
"...The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws...A few software vulnerabilities account for the majority of successful attacks because attackers are opportunistic – taking the easiest and most convenient route. They exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, by scanning the Internet for vulnerable systems."

SANS lists not just the top weaknesses and the systems affected, but also solutions. The document is updated regularly. Read it.


References and Resources

Sun Security Resources:

Sun Security Coordination Team sunsolve.sun.com/pub-cgi/show.pl?target=security/sec
Sun security bulletins are available at: sunsolve.sun.com/security
General Sun Security www.sun.com/security
Solaris Security Datasheets www.sun.com/software/solaris/ds/ds-security
Java Security java.sun.com/security

Patches

If you have a maintenance contract, log in to sunsolve and get both the PatchDiag tool and its reference database: sunsolve.sun.com. If you don't, use the SecurityFocus Solaris Patch Calculator: www.securityfocus.com/sun/vulncalc

Sun security patches: sunsolve.sun.com/securitypatch
Public: sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
Patch download tool WGET: sunsite.auc.dk/ftp/pub/infosystems/wget

Web Publications, resources

SecurityFocus, Sun section: www.securityfocus.com/sun
Vulnerability database: www.securityfocus.com/vdb

Security Portal papers:

Hardening Solaris
Review of the Sunscreen EFS3 firewall
All about SSH - Part I 
All about SSH - Part II

SANS Report: How To Eliminate The Ten Most Critical Internet Security Threats

BigAdmin
SunFreeware
Solaris Guide
Freeware4sun
Solaris Central
Intrusion Detection: snort
Solaris-System (x86) Forum
Network scanner: Nessus, Nmap
Sunwhere index of resources
Sunworld security columns
The IT Security Cookbook
Solaris Security FAQ
BSD Today

General discussion resources

News/personal interface to Sun resources: www.sun.com/MySun
BigAdmin discussion forum & FAQs: www.sun.com/bigadmin/home/index.html
Newsgroups:
  comp.unix.solaris
  comp.sys.sun.admin
  comp.sys.sun.hardware
  alt.solaris.x86

Sun-managers Mailing list: This list has been around for many years and is an invaluable resource to Sun system administrators.
To have your mailing address added to or removed from the mailing list, send a request to "majordomo@sunmanagers.ececs.uc.edu". The request should contain simply one line which says either "subscribe sun-managers" or "unsubscribe sun-managers". You can specify the particular e-mail address to be added after the word "subscribe".

SecurityFocus "FOCUS-Sun" list: see www.securityfocus.com/focus/sun/subscribe.html
Focus-Sun is meant to be a resource for Sun users and administrators, looking for that extra little bit of help ..., using Sun products in security roles, and getting additional information about the latest in Sun vulnerabilities. ... In addition, important announcements related to breaking vulnerabilities will be posted.