Weekly Solaris Security Digest
2000/11/04 to 2000/12/11

By Seán Boran (sean at boran.com) for SecurityPortal

Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html


The Rundown


Advisories and Security Bulletins

Sun / CERT bulletins

none

Bugtraq vulnerabilities this week - Solaris:

none

Bugtraq vulnerabilities this week - 3rd party applications:

2000-12-07: Lexmark Markvision Printer Driver Buffer Overflow Vulnerabilities
http://securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D2075

2000-12-06: Apache Web Server with Php 3 File Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2060
Comment: Although only Apache for NT is mentioned, there is no obvious reason why the UNIX Apache/PHP3 should not be vulnerable.

2000-12-06: Endymion MailMan WebMail Remote Arbitrary Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2063

2000-12-06: phpGroupWare Remote Include File Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2069

2000-12-06: APC apcupsd Local Denial of Service Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2070

2000-12-05: Ultraseek/Inktomi Search Source Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2061

2000-12-05: Ultraseek/Inktomi Search Information Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2062

2000-12-05: IBM DB2 Universal Database Known Default Password Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2068

2000-12-02: phpWebLog Administrator Authentication Bypass Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2047

2000-12-01: Majordomo Config-file admin_password Configuration Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2028


Patches

The latest Solaris Recommended / Security Patch clusters are as follows:

Solaris 8 Nov/30/00*
Solaris 7 Nov/02/00
Solaris 2.6 Dec/05/00*
Solaris 2.5.1 Nov/02/00
See also: ftp://sunsolve.sun.com/pub/patches

News & Articles

Solaris Package archive
http://www.ibiblio.org/pub/packages/solaris/sparc/
This site provides precompiled Packages for many free tools, a bit like Sunfreeware.com. No SSH packages were available though.


SolarisGuide

Solaris 8 Source Available
http://www.sun.com/software/solaris/source/

Source can be either downloaded, or media kits bought for $75.- The SPARC and Intel sources are sold separately. The media kits will start shipping on 15th Dec - a nice Christmas present for yourself? :-)

O'Reilly Network

Basic Installation of PHP on a Unix System
Darrell Brogdon
http://www.oreillynet.com/pub/a/php/2000/11/17/php_admin.html

SecurityFocus

Identifying ICMP Hackery Tools Used In The Wild Today
Ofir Arkin
http://www.securityfocus.com/focus/ids/articles/icmptools.html

Several tools exist in the wild today that allow a malicious computer
attacker to send crafted ICMP datagrams. Those datagrams can be used for
various tasks: host detection, advanced host detection, Operating System
Fingerprinting and more. This article by Ofir Arkin will examine whether
we can identify the different tools used for ICMP hackery that are
available in the wild today. If we can identify the tool, we may be able
to identify the underlying operating system or a number of operating
systems that this tool might be running on top of.


Analysis of the T0rn Rootkit
Toby Miller
http://www.securityfocus.com/focus/ids/articles/t0rn.html

The purpose of this paper is to inform the IDS community of signatures related to the t0rn rootkit. This paper will not serve as a how-to guide to the t0rn rootkit; rather, it is designed to identify binaries and ports that t0rn uses. This paper will also provide md5sums of binaries and analysis on how to detect t0rn.


Sunworld

Security basics Part 2, More advice on file attribute bits and modes
Mo Budlong
http://www.sunworld.com/sunworldonline/swol-12-2000/swol-1201-unix101.html

Could you use a quick refresher course on binary numbers? Need an expert to clarify hexadecimal and octal notation? This month in Unix 101, Mo Budlong continues his three-part series on Unix security with a closer look at file attribute bits and modes.


Security Tools News

memconf
http://netnow.micron.net/~tschmidt/memconf.html

The memconf utility reports the size of each SIMM/DIMM memory module installed in a system. It also reports the system type and any empty memory sockets.
Comment: useful, but Intel users can abstain.


All tools are summarised in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html


Mailing Lists

FOCUS-Sun Discussions Threads

12/06/00 SunShield BSM and SSH
http://www.securityfocus.com/templates/archive.pike?threads=1&end=2000-12-09&start=2000-12-03&list=92&tid=149153&fromthread=0&

12/04/00 Compiling OpenSSH [Re: SunShield BSM and SSH]
http://www.securityfocus.com/templates/archive.pike?threads=1&end=2000-12-09&start=2000-12-03&list=92&tid=148519&fromthread=0&

12/01/00 Compiling OpenSSH [Re: SunShield BSM and SSH]
http://www.securityfocus.com/templates/archive.pike?tid=148319&end=2000-12-02&start=2000-11-26&list=92&fromthread=0&threads=1&

12/01/00 Compiling OpenSSH [Re: SunShield BSM and SSH]
http://www.securityfocus.com/templates/archive.pike?tid=148315&end=2000-12-02&start=2000-11-26&list=92&fromthread=0&threads=1&

12/01/00 firewall penetration
http://www.securityfocus.com/templates/archive.pike?tid=148318&end=2000-12-02&start=2000-11-26&list=92&fromthread=0&threads=1&


YASSP (the Solaris hardening tool) Developers' list discussions

Yassp beta 15 is still current. V1.0 is close. If you are a Solaris sysadmin, please consider testing Yassp and providing input on the documentation, programs and hardening at this very important stage before the final release.

Discussions

unlimit rlim_fd_max
http://www.theorygroup.com/Archive/YASSP/2000/msg00763.html

RE: after.html: Post install doc
http://www.theorygroup.com/Archive/YASSP/2000/msg00762.html

Re: Beta15 feedback
http://www.theorygroup.com/Archive/YASSP/2000/msg00761.html

Re: CheckPatches
http://www.theorygroup.com/Archive/YASSP/2000/msg00756.html

See also
http://www.yassp.org


Tip of the Week: The dreaded patches

Patch strategies

Weaknesses are continually discovered in Solaris and 3rd party applications. Not only do the weaknesses themselves pose threats, but the sheer volume of weaknesses and patches can be a threat: if not managed carefully, they will either consume too much time or they will simply be ignored.

The first problem is to be aware that weaknesses and/or patches actually exist. Possible strategies are:

  1. Get on all the mailing lists of organisations such as CERT/FIRST, vendors like Sun, and especially Bugtraq. This can consume quite a lot of time.
  2. Get on the mailing list of an organisation which produces regular summaries of weaknesses/patches and security news, for example SecurityPortal, SecurityFocus, SANS or maybe this Digest :-). If a regular source of reliable information on Solaris and the applications that you use can be found, it may save much time.
  3. Run a tool on important servers that checks the current patch level and compares it with the newest list of patches available from Sun: This is the ideal situation (see the Patch Tools section below), but 3rd party applications will not be covered.
  4. Check Sun's recommended patch bundles for changes every month or two: This requires little effort, but security is not as tight, 3rd party weaknesses are not covered and the recommended bundles do not cover all security problems.
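Strategy 3 in a nutshell, as an added example that is not from the digest and not code from any of the patch tools listed in the Patch Tools section: a small POSIX sh/awk script that reduces the output of showrev -p to the highest installed revision of each patch and compares it with a reference list of current revisions. The reference list format (one PATCHID-REV per line, "#" comments ignored) is an assumption made for the example and is not the SunSolve patchdiag.xref format; the showrev output and the reference list are constructed samples, not taken from a real host.

```shell
#!/bin/sh
# Added example for this digest, not code from any of the patch tools it lists.
# Compares the patches a host reports via `showrev -p` with a reference list
# of the newest revisions and reports patches that are missing or out of date.
#
# Assumption (not from the digest): the reference list is a plain file with one
# "PATCHID-REV" per line ("#" lines ignored), e.g. typed in by hand from the
# README of Sun's recommended cluster. It is NOT the patchdiag.xref format.

TMPD=$(mktemp -d) || exit 1
trap 'rm -rf "$TMPD"' EXIT

# Constructed sample of `showrev -p` output (not taken from a real host).
INSTALLED_FILE="$TMPD/showrev.out"
cat > "$INSTALLED_FILE" <<'EOF'
Patch: 108528-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 108652-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxwplt
Patch: 108827-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF

# Constructed reference list of current revisions (assumed format, see above).
REFERENCE_FILE="$TMPD/current.list"
cat > "$REFERENCE_FILE" <<'EOF'
# patch-id-rev, one per line
108528-05
108652-12
108827-07
108968-03
EOF

# check_patches INSTALLED REFERENCE
#   Prints "MISSING id-rev" or "OUTDATED id installed=rev current=rev" lines,
#   sorted, and returns 0 only if every reference patch is installed at the
#   reference revision or newer.
check_patches() {
    result=$(awk '
        # First file (reference list): current[id] = rev
        FNR == NR {
            if ($0 ~ /^#/ || split($1, p, "-") != 2) next
            current[p[1]] = p[2]
            next
        }
        # Second file (showrev -p): keep the highest installed rev per id
        /^Patch:/ {
            split($2, p, "-")
            if (!(p[1] in inst) || p[2] + 0 > inst[p[1]] + 0) inst[p[1]] = p[2]
        }
        END {
            for (id in current) {
                if (!(id in inst)) {
                    print "MISSING " id "-" current[id]
                } else if (inst[id] + 0 < current[id] + 0) {
                    print "OUTDATED " id " installed=" inst[id] " current=" current[id]
                }
            }
        }' "$2" "$1" | sort)
    [ -n "$result" ] && printf '%s\n' "$result"
    [ -z "$result" ]
}

# Stand-alone run on the constructed samples.
if check_patches "$INSTALLED_FILE" "$REFERENCE_FILE"; then
    echo "All reference patches are installed at the current revision."
else
    echo "Some patches need attention (see above)."
fi
```

On a real host you would replace the constructed showrev.out with the output of `showrev -p` and maintain the reference list yourself; the script only answers the question "is anything behind the list I trust?", it does not decide which patches matter, which is the question the next paragraph raises. A patch installed at a revision higher than the reference is treated as current.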

How do you decide whether a weakness is worth patching?

Patch Tools

Tools to help find patches relevant to your systems [1]:

[1] References:

Reg Quinton/Bruce Barnett's CheckPatches, CheckPatches.cron, GetApplyPatch and GetApplyPatch.cron scripts: http://ist.uwaterloo.ca/~reggers/drafts/
SunSolve (Patchdiag & XREF file): sunsolve.sun.com
A SunSolve Patch Primer: sunsolve.sun.com/pub-cgi/show.pl?target=content/content1
SecurityFocus Vulnerability calculator: SecurityFocus.com/focus/sun/form.html
Casper Dik's FastPatch: ftp://www.wins.uva.nl/pub/solaris/auto-install/
Joe Shambin's Patchreport: ftp://x86.cs.duke.edu/pub/PatchReport/index.html


If you have any security tips/scripts you'd like to share with others, contact sean at boran.com.


References and Resources

A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html


About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 08 December, 2000
