Weekly Solaris Security Roundup Archive
By Seán Boran, sean AT boran.com, for Security Portal
SSH and wu-ftp have been updated to fix security issues.
Security tools snort and nessus have new versions. Yassp is at beta#9.
The tip of the week presents "saveit", a script for simple version control of files/directories.
No new advisories this week.
Patches have not yet been produced for the Solaris 2.6/7/8 ufsrestore vulnerability noted three weeks ago.
CERT activity:
SecurityFocus: Installing djbdns (DNScache) for Name Service, by Jeremy Rauch
This article discusses installing Dan Bernstein's alternative to BIND.
Solarisguide: Sun re-thinking source code giveaway
Nessus 1.0.2 released.
Snort Intrusion detection tool:
- New rules file released 07062k
- 'SnortNet' released by Fyodor
- Craig Smith has finished the Passive OS detection for snort and a Perl module for manipulating snort log files.
SSH 1.2.30 released. Changes: disallow access via unsupported ciphers, not hogging syslog file handles, making sure scp's don't miss data at the ends of files, Kerberos "none" ticket handling fix, applied patch for BSD tty chown() bug. Previous: RSAREF buffer overflow bug fix.
OpenSSH Portable 1.1.1p2 released, see Changelog.
Bugtraq vulnerabilities this week - Solaris:
none
Bugtraq vulnerabilities this week - Applications that run on Solaris:
2000-07-05: Checkpoint Firewall-1 Spoofed Source Denial of Service Vulnerability
2000-07-05: proftpd Remote User Supplied Data Passed as Format String Vulnerability
2000-07-05: SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability
This affects SSH users who use Kerberos in a multi-user environment. An upgrade to V1.2.30 is recommended (see above).
2000-07-05: cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
2000-07-04: CGI-World Poll It Internal Variable Override Vulnerability
2000-06-30: Checkpoint Firewall-1 Remote Resource Overload Vulnerability
2000-06-30: Sendmail on Solaris - mail.local Content-Length Vulnerability
FOCUS-Sun discussions this week:
07/05/00 Disabling direct access
07/05/00 Max. No of processes
07/05/00 Solstice Disk Suite
07/05/00 FW-1 on Sun.
07/03/00 Book on SunScreen
06/30/00 Firewall in Sun
Yassp (the Solaris hardening tool) Developers' list:
Yassp beta#9 has been released as a new (9MB) tarball. It looks very good, but a few minor problems have been found. Discussions:
feedback
browser problem
tcpd in /usr/bin
See also: Main site, DL archive, Hardening Solaris Article.
Tip of the Week
It's a good idea to keep previous versions of configuration files, to allow rollback, have an audit trail and coordinate between several administrators. Some sysadmins use rcs, some copy the configuration file to file.DATE beforehand, some do nothing :).
Francisco Mancardi from U&R Consultores [fman@uyr.com.ar] has written a simple script that can be used to save a copy of a file or directory before doing modifications.
Saveit is a little tool to make a backup of config files before you change them. It saves a copy under /Backup.d/DATE/ and logs "who saved what file" in /Backup.d/log-DATE. The existing directory structure is preserved under the backup directory.
It's a simple but useful version control tool for text files, e.g.
etc/[9]% saveit vfstab
copying file vfstab ===> /Backup.d/20000707/etc/vfstab
etc/[61]% saveit vfstab
copying file vfstab ===> /Backup.d/20000707/etc/vfstab.13:37
etc/[10]% ls -l /Backup.d/20000707/etc/vfs*
-rw-r--r-- 1 root sys 386 Mar 14 08:31 /Backup.d/20000707/etc/vfstab
-rw-r--r-- 1 root sys 386 Mar 14 08:31 /Backup.d/20000707/etc/vfstab.13:37
etc/[11]% tail /Backup.d/log-20000707
Backup base directory /Backup.d
Backup requested by root
Date (dd/mm/aaaa) 07-07-2000
Time 11:36
/etc/vfstab
--------------------------------------------------------------
Backup base directory /Backup.d
Backup requested by root
Date (dd/mm/aaaa) 07-07-2000
Time 13:37
/etc/vfstab
The advantages of this tool are: simplicity, and no clogging up the current directory with old versions of files, rcs directories etc. It has been tested on Linux, Solaris 2.6/7 and OpenBSD 2.6.
Three versions of the script can be downloaded:
- Francisco's original Spanish version: saveit-sp.sh
- Francisco's version with English messages: saveit-en.sh
- My tweaked version: saveit (less verbose messages, fix for OpenBSD, English translations and, if the target exists, save with a time postfix).
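The behaviour described in this tip, as a minimal sketch added here (it is not Francisco's script nor the tweaked version listed above). BACKUP_BASE is an assumed override so it can be tried without root; the owner-only umask and the seconds suffix for a repeat save within the same minute are also assumptions of this sketch.

```shell
#!/bin/sh
# Added sketch of the saveit behaviour described in the tip; not the original script.
# BACKUP_BASE is an assumed override so the sketch can be tried without root.
BACKUP_BASE="${BACKUP_BASE:-/Backup.d}"

# usage: saveit FILE_OR_DIR  -> prints the path of the saved copy
# The body runs in a subshell, so umask and variables do not leak to the caller.
saveit() (
    src="$1"
    if [ ! -e "$src" ]; then
        echo "saveit: $src: no such file or directory" >&2
        exit 1
    fi
    umask 077   # backup directories and the log are created owner-only
    day=$(date +%Y%m%d)
    now=$(date +%H:%M)

    # Resolve the absolute parent directory so the original directory
    # structure can be recreated under BACKUP_BASE/DATE/.
    srcdir=$(CDPATH= cd -- "$(dirname -- "$src")" && pwd -P) || exit 1
    if [ "$srcdir" = / ]; then srcdir=""; fi
    name=$(basename -- "$src")
    dest="$BACKUP_BASE/$day$srcdir/$name"
    mkdir -p "$BACKUP_BASE/$day$srcdir" || exit 1

    # An earlier copy from the same day is kept: save with a time postfix.
    if [ -e "$dest" ]; then dest="$dest.$now"; fi
    # Same minute again: append seconds (assumption, not covered by the tip).
    if [ -e "$dest" ]; then dest="$dest:$(date +%S)"; fi

    # -p keeps mode, owner and timestamps; -R handles directories.
    cp -Rp "$src" "$dest" || exit 1

    # Audit trail: who saved what, appended to BACKUP_BASE/log-DATE.
    {
        echo "Backup base directory $BACKUP_BASE"
        echo "Backup requested by $(id -un)"
        echo "Date (dd-mm-yyyy) $(date +%d-%m-%Y)"
        echo "Time $now"
        echo "$srcdir/$name"
        echo "--------------------------------------------------------------"
    } >> "$BACKUP_BASE/log-$day"
    echo "$dest"
)
```

Because cp -p carries the original mode and ownership into the backup tree, a saved copy of a root-only file stays root-only; the owner-only directories additionally keep other users from browsing older versions.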
References and Resources
Sun Resources: Security Coordination Team, Security bulletins, General Sun Security, Solaris Security Datasheets, Java Security.
Patches
Sun security patches: sunsolve.sun.com/securitypatch
Public patches: sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
If you have a maintenance contract, log in to sunsolve and get both the PatchDiag tool and its reference database.
If you don't, use the SecurityFocus Solaris Patch Calculator.
Web Publications, resources
Security Portal papers: Hardening Solaris, Review of the Sunscreen EFS3 firewall, All about SSH - Part I, All about SSH - Part II.
SecurityFocus: Sun section, Vulnerability database.
SANS
General discussion resources
Personal interface to Sun resources: www.sun.com/MySun
BigAdmin discussion forum & FAQs: www.sun.com/bigadmin/home/index.html
Newsgroups: comp.unix.solaris, comp.sys.sun.admin, comp.sys.sun.hardware, alt.solaris.x86
Sun-managers Mailing list: This high quality list has been around for many years and is an invaluable resource to Sun system administrators.
Send a request to "majordomo@sunmanagers.ececs.uc.edu". The request should contain simply one line which says either "subscribe sun-managers" or "unsubscribe sun-managers". You can specify the particular e-mail address to be added after the word "subscribe".
SecurityFocus "FOCUS-Sun" list: see www.securityfocus.com/focus/sun/subscribe.html
Focus-Sun is meant to be a resource for Sun users and administrators, looking for that extra little bit of help ..., using Sun products in security roles, and getting additional information about the latest in Sun vulnerabilities. ... In addition, important announcements related to breaking vulnerabilities will be posted.