By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html
2000-12-07: Lexmark Markvision Printer Driver Buffer Overflow Vulnerabilities
http://securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D2075
2000-12-06: Apache Web Server with Php 3 File Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2060
Comment: Although only Apache for NT is mentioned, there is no obvious reason why the UNIX Apache/PHP3 should not be vulnerable.
2000-12-06: Endymion MailMan WebMail Remote Arbitrary Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2063
2000-12-06: phpGroupWare Remote Include File Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2069
2000-12-06: APC apcupsd Local Denial of Service Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2070
2000-12-05: Ultraseek/Inktomi Search Source Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2061
2000-12-05: Ultraseek/Inktomi Search Information Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2062
2000-12-05: IBM DB2 Universal Database Known Default Password Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2068
2000-12-02: phpWebLog Administrator Authentication Bypass Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2047
2000-12-01: Majordomo Config-file admin_password Configuration Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2028
The latest Solaris Recommended / Security Patch clusters are as follows:
Solaris 8 Nov/30/00*
Solaris 7 Nov/02/00
Solaris 2.6 Dec/05/00*
Solaris 2.5.1 Nov/02/00
See also: ftp://sunsolve.sun.com/pub/patches
Solaris Package archive
http://www.ibiblio.org/pub/packages/solaris/sparc/
This site provides precompiled Packages for many free tools, a bit like Sunfreeware.com.
No SSH packages were available though.
Solaris 8 Source Available
http://www.sun.com/software/solaris/source/
The source can either be downloaded, or media kits can be bought for $75.- The SPARC and Intel sources are sold separately. The media kits will start shipping on 15th Dec - a nice Christmas present for yourself? :-)
Basic Installation of PHP on a Unix System
Darrell Brogdon
http://www.oreillynet.com/pub/a/php/2000/11/17/php_admin.html
Identifying ICMP Hackery Tools Used In The Wild Today
Ofir Arkin
http://www.securityfocus.com/focus/ids/articles/icmptools.html
Several tools exist in the wild today that allow a malicious computer
attacker to send crafted ICMP datagrams. Those datagrams can be used for
various tasks: host detection, advanced host detection, Operating System
Fingerprinting and more. This article by Ofir Arkin will examine whether
we can identify the different tools used for ICMP hackery that are
available in the wild today. If we can identify the tool, we may be able
to identify the underlying operating system or a number of operating
systems that this tool might be running on top of.
Analysis of the T0rn Rootkit
Toby Miller
http://www.securityfocus.com/focus/ids/articles/t0rn.html
The purpose of this paper is to inform the IDS community of signatures related to the t0rn rootkit. This paper will not serve as a how-to guide to the t0rn rootkit; rather, it is designed to identify binaries and ports that t0rn uses. This paper will also provide md5sums of binaries and analysis on how to detect t0rn.
Security basics Part 2, More advice on file attribute bits and modes
Mo Budlong
http://www.sunworld.com/sunworldonline/swol-12-2000/swol-1201-unix101.html
Could you use a quick refresher course on binary numbers? Need an expert to clarify hexadecimal and octal notation? This month in Unix 101, Mo Budlong continues his three-part series on Unix security with a closer look at file attribute bits and modes.
memconf
http://netnow.micron.net/~tschmidt/memconf.html
The memconf utility reports the size of each SIMM/DIMM memory module installed in a system. It also reports the system type and any empty memory sockets.
Comment: useful, but Intel users can abstain.
All tools are summarised in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html
12/06/00 SunShield BSM and SSH
http://www.securityfocus.com/templates/archive.pike?threads=1&end=2000-12-09&start=2000-12-03&list=92&tid=149153&fromthread=0&
12/04/00 Compiling OpenSSH [Re: SunShield BSM and SSH]
http://www.securityfocus.com/templates/archive.pike?threads=1&end=2000-12-09&start=2000-12-03&list=92&tid=148519&fromthread=0&
2/01/00 Compiling OpenSSH [Re: SunShield BSM and SSH]
http://www.securityfocus.com/templates/archive.pike?tid=148319&end=2000-12-02&start=2000-11-26&list=92&fromthread=0&threads=1&
12/01/00 Compiling OpenSSH [Re: SunShield BSM and SSH]
http://www.securityfocus.com/templates/archive.pike?tid=148315&end=2000-12-02&start=2000-11-26&list=92&fromthread=0&threads=1&
12/01/00 firewall penetration
http://www.securityfocus.com/templates/archive.pike?tid=148318&end=2000-12-02&start=2000-11-26&list=92&fromthread=0&threads=1&
Yassp beta 15 is still current. V1.0 is close. If you are a Solaris sysadmin, please consider testing Yassp and providing input on the documentation, programs and hardening at this very important stage before the final release.
Discussions
unlimit rlim_fd_max
http://www.theorygroup.com/Archive/YASSP/2000/msg00763.html
RE: after.html: Post install doc
http://www.theorygroup.com/Archive/YASSP/2000/msg00762.html
Re: Beta15 feedback
http://www.theorygroup.com/Archive/YASSP/2000/msg00761.html
Re: CheckPatches
http://www.theorygroup.com/Archive/YASSP/2000/msg00756.html
See also
http://www.yassp.org
Weaknesses are continually discovered in Solaris and 3rd party applications. Not only do the weaknesses themselves pose threats, but the sheer volume of weaknesses and patches can be a threat too: if not managed carefully, they will consume too much time or they will simply be ignored.
The first problem is to be aware that weaknesses and/or patches actually exist. Possible strategies are:
How do you decide whether a weakness is worth patching?
Tools to help find patches relevant to your systems [1]:
Reg Quinton/Bruce Barnett's CheckPatches, CheckPatches.cron, GetApplyPatch, GetApplyPatch.cron scripts: http://ist.uwaterloo.ca/~reggers/drafts/
SunSolve sunsolve.sun.com (Patchdiag & XREF file)
A SunSolve Patch Primer: sunsolve.sun.com/pub-cgi/show.pl?target=content/content1
SecurityFocus Vulnerability calculator: SecurityFocus.com/focus/sun/form.html
Casper Dik's FastPatch: ftp://www.wins.uva.nl/pub/solaris/auto-install/
Joe Shambin's Patchreport: ftp://x86.cs.duke.edu/pub/PatchReport/index.html
If you have any security tips/scripts you'd like to share with others, contact sean at boran.com.
A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 08 December, 2000