Weekly Solaris Security Roundup Archive
By Seán Boran, sean AT boran.com, for Security Portal
Vulnerabilities: Roxen, Websphere and Navigator require attention.
Tools updated: Snort.
Articles: Forensics, IPFilter, Sendmail.
Tip of the Week presents The Coroner's Toolkit (TCT).
No relevant Sun or CERT advisories this week.
Bugtraq vulnerabilities this week - Solaris: none.
Bugtraq vulnerabilities this week - Applications that run on Solaris:
2000-07-25: Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
2000-07-24: IBM WebSphere Showcode Vulnerability
Code/scripts can be viewed remotely.
2000-07-21: Roxen WebServer %00 Request File/Directory Disclosure Vulnerability
Directory contents and script contents can be remotely listed, by sending a request like http://www.server.com/%00. A patch is available.
Forensics, How do you trace a security breach? By Carole Fennelly
A useful summary of tracking down what had happened to a compromised system. No mention is made of The Coroner's Toolkit though, which is very useful in such situations.
Introduction to IP Filter
by Jeremy Rauch
The first of a two-part series; it discusses installing and configuring IPF for localhost use. Network firewall usage will be discussed next week.
Moment's Notice: The Immediate Steps of Incident Handling, by Ben Malisow
PortSentry monitors ports and can kick off alarms. Useful for intrusion detection. A new article by Clifford Smith on 'BSD Today' explains how to set it up: Deploying Portsentry.
Snort Intrusion detection tool:
- V1.6.3 released. This is a stable release and no changes are expected soon. This new version comes bundled with DB plugs and all the available helper scripts (such as snort snarf).
- A new Win32 version is available too.
- 07122k.rules released, another update to the rules is expected in the coming days.
- The author has compiled and tested this new release on Solaris 2.6, 2.8 and OpenBSD 2.6. Note: the default logging directory has changed from /var/log to /var/log/snort (the '-l' option can also be used).
Nmap: The email lists are now archived on-line.
FOCUS-Sun discussions:
07/21/00 filesystem integrity
07/21/00 secure shell advice
07/21/00 SUNWski
Yassp (the Solaris hardening tool) Developers' list:
- Yassp beta#11 is still under test.
- SANS announced that Yassp is nearing release status and has provided a permanent link from their home page.
Discussions:
lsof and traceroute
Re: Beta#11 feedback
Mods to tarball.html
RTFM...
See also: Main site, DL archive.
Once your system has been penetrated by an attacker, what do you do (apart from panic!)?
The Coroner's Toolkit (TCT) by Dan Farmer and Wietse Venema can help with the analysis of a system in an effort to find out what happened, how and when.
Tips
Preparation
If you have any security tips/scripts you'd like to share with others, contact sean AT boran.com.
For brevity, the list of resources and references is now kept in a separate document: solarisref.html.
© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved. Last Update: 31 July, 2000