By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html
2000-12-14: SafeWord e.Id Trivial PIN Brute-Force Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2105
2000-12-14: Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2106
2000-12-14: Subscribe-Me Lite Administration Access Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2108
2000-12-13: KDE Kmail Weak Password Encryption Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2104
2000-12-13: Alex Heiphetz Group EZShopper Directory Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2109
2000-12-11: Oops Proxy Server Buffer Overflow Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2099
2000-12-11: ssldump Format String Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2096
Comment: no fix is yet available.
2000-12-11: University of Washington Pico File Overwrite Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2097
2000-12-11: Leif M. Wright everythingform.cgi Arbitrary Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2101
2000-12-11: Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2102
2000-12-08: BroadVision One-To-One Enterprise Path Disclosure Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2088
2000-12-08: KTH Kerberos 4 Arbitrary Proxy Usage Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2090
2000-12-08: KTH Kerberos 4 Buffer Overflow Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2091
2000-12-08: KTH Kerberos 4 User-Supplied Configuration Files Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2092
2000-12-08: KTH Kerberos 4 Temporary File Race Condition Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2093
2000-12-08: Allaire ColdFusion Sample Script DoS Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2094
The latest Solaris Recommended / Security Patch clusters are as follows:
Solaris 8       Dec/13/00*
Solaris 7       Nov/02/00
Solaris 2.6     Dec/05/00
Solaris 2.5.1   Dec/12/00*
See also: ftp://sunsolve.sun.com/pub/patches
System and Network Security - Kernel Options
Kurt Seifried
http://securityportal.com/closet/closet20001206.html
Kernel tuning for increasing security on Solaris, Linux and BSD is discussed.
Securing Your Business in the Age of the Internet
M.E. Kabay
http://securityportal.com/cover/coverstory20001204.html
Information technology is permeating all aspects of modern life and business. The growth of the Internet and in particular of the World Wide Web presents increasing challenges to information technology and business managers.
Additional Red Hat SPARC information
http://www.ultralinux.org/
Red Hat has further said that it will continue to provide the unsupported SPARC edition in its Rawhide developers' version. In addition, the company could restart SPARC support if demand picks up. Earlier versions of the SPARC edition will still be supported.
Comment: SuSE (www.suse.com), however, is shipping a Linux for SPARC, without ifs and buts.
An Apache Load Balancing Cluster
Don Gourley
http://www.sysadminmag.com/current/feature.shtml
In this article, I describe the Java Application Server Pseudo-cluster (JASPer), a simple cluster built with commodity hardware and free software from the Apache Foundation. The master server runs the Apache HTTP daemon and the cluster nodes are running the Apache JServ Java application server.
Chasing the Wind - Episode Three: From Out of the Blue
Robert G. Ferrell
http://securityfocus.com/focus/ih/articles/chasing3.html
Security Focus presents the third installment in the highly popular "Chasing the Wind" series. In this episode, entitled "From Out of the Blue", our intrepid system administrator Jake continues to do battle with Ian, an ambitious script-kiddie and aspiring hacker. Meanwhile, their battle starts to take on mysterious overtones as Bob, Jake's boss and company CIO, receives a haunting message from the past, one that hints of intrigue and serious security ramifications.
Comment: Good article.
12/14/00 Solaris 8 and Windows NT...
http://securityfocus.com/templates/archive.pike?fromthread=0&tid=150998&end=2000-12-16&start=2000-12-10&list=92&threads=1&
12/13/00 SEAM, KRB5 and phrase length
http://securityfocus.com/templates/archive.pike?fromthread=0&tid=150630&end=2000-12-16&start=2000-12-10&list=92&threads=1&
12/13/00 Packages Installation
http://securityfocus.com/templates/archive.pike?fromthread=0&tid=150634&end=2000-12-16&start=2000-12-10&list=92&threads=1&
12/09/00 rc*.d directories
http://securityfocus.com/templates/archive.pike?fromthread=0&tid=149800&end=2000-12-09&start=2000-12-03&threads=1&list=92&
Yassp beta 15 is still current. Yassp is being moved to SourceForge; the main activity this week was updating the post-install documentation. If you are a Solaris sysadmin, please consider testing Yassp and providing input on the documentation, programs and hardening at this very important stage before the final release.
Discussions
after.html update
http://www.theorygroup.com/Archive/YASSP/2000/msg00772.html
Re: nit about improper quoting...
http://www.theorygroup.com/Archive/YASSP/2000/msg00771.html
See also
http://www.yassp.org
Sun system administrators often manage server consoles via serial lines: almost everything can be done remotely, including OS installations. This is possible thanks to the powerful boot PROM monitor included in Sun's SPARC systems (an advantage that Sun hardware has over all others I've seen so far).
The fun starts when trying to do the same with PCs running Solaris. A PC does not have an intelligent PROM, so Sun implemented the boot PROM monitor in software (it is called the Device Configuration Assistant). Booting a Solaris PC has several key steps:
- The PC BIOS decides what devices will be used for booting, in what order and whether certain devices are disabled.
- The SCSI controller (if there is one) can be configured to insist on its own boot device.
- The boot disk has now been selected and activated.
- Device Configuration Assistant detects devices and makes them visible to the boot manager. If ESC is pressed when this is booting, devices can be changed as can default boot order, boot disks etc. via a menu-based interface. It is installed in the first few disk cylinders, in a separate partition (/boot).
- Boot Manager: allows options to be given to Solaris at boot time, or the boot interpreter to be used.
- Solaris
It is possible to get PCs to use serial port A (COM1) as their console; you just need a null modem cable and a bit of patience.
On Solaris 8, the following commands divert console input and output to the first COM port and ignore the "carrier detect" signal (otherwise the machine won't reboot unless you are connected to the serial line). The Device Configuration Assistant can also be used to set these options.
eeprom ttya-ignore-cd=true
eeprom input-device=ttya
eeprom output-device=ttya
Note: Apparently the console redirection can also be activated by editing /platform/i86pc/boot/solaris/bootenv.rc and adding: "setprop output-device com1", "setprop input-device com1".
If connecting from another Solaris box, say on its second serial port:
- Set the speed for cuab to 9600 in /etc/remote
- Connect using a command like:
tip cuab
- Tips on using tip commands:
~? Get a summary of the tilde escapes.
~. Drop the connection and exit (you may still be logged in on the remote machine).
~! Escape to an interactive shell on the local machine (exiting the shell returns you to tip).
~# Send a BREAK to the remote system (this is the same as STOP-A, but has no effect on x86 hosts).
- If you use SSH to access the host whose second port is connected to the console of the target, and then use tip, you'll find the tilde escapes being taken by SSH instead of tip. So add an extra tilde to the front of the tip commands, e.g. ~~# for break.
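Before trusting an unattended reboot over the serial console, it is worth auditing the two settings the procedure above depends on. The script below is an added example, not part of the digest or of Solaris; the function names (console_redirected, remote_speed) and the sample data are mine, and it assumes eeprom prints one "name=value" per line and that /etc/remote uses termcap-style entries such as cuab:dv=/dev/cua/b:br#9600.

```shell
#!/bin/sh
# Added example (not from the digest): audit the serial-console settings
# described above, run over constructed sample data so it works offline.
# Assumptions: `eeprom` prints one "name=value" per line, and /etc/remote
# uses termcap-style entries such as "cuab:dv=/dev/cua/b:br#9600".

# Return 0 when console input AND output go to ttya AND carrier detect is
# ignored. A missing ttya-ignore-cd=true counts as a failure: the box would
# otherwise sit at reboot until something is plugged into the serial line.
console_redirected() {
    awk -F= '
        $1 == "input-device"   && $2 == "ttya" { in_ok = 1 }
        $1 == "output-device"  && $2 == "ttya" { out_ok = 1 }
        $1 == "ttya-ignore-cd" && $2 == "true" { cd_ok = 1 }
        END { exit !(in_ok && out_ok && cd_ok) }'
}

# Print the br# speed of the named /etc/remote entry read from stdin
# (nothing if the entry is absent). Backslash-continued lines are joined.
remote_speed() {
    awk -F: -v n="$1" '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { $0 = buf $0; buf = "" }
        $1 == n {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^br#/) { sub(/^br#/, "", $i); print $i; exit }
        }'
}

# Constructed samples: what `eeprom` prints after the three commands above,
# and a small /etc/remote in which only cuab has been set to 9600.
SAMPLE_EEPROM='ttya-ignore-cd=true
input-device=ttya
output-device=ttya
auto-boot?=true'
SAMPLE_REMOTE='# constructed /etc/remote
cuaa:dv=/dev/cua/a:br#2400
cuab:dv=/dev/cua/b:br#9600
hardwire:\
        :dv=/dev/term/b:br#9600:el=^C^S^Q^U^D:ie=%$:oe=^D:'

if printf '%s\n' "$SAMPLE_EEPROM" | console_redirected; then
    echo "eeprom: console on ttya, carrier detect ignored"
else
    echo "eeprom: console NOT fully redirected; check input/output-device and ttya-ignore-cd"
fi
echo "cuab speed in /etc/remote: $(printf '%s\n' "$SAMPLE_REMOTE" | remote_speed cuab)"
```

On a real box, replace the samples with `eeprom | console_redirected` on the target and `remote_speed cuab < /etc/remote` on the connecting host.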
If you have any security tips/scripts you'd like to share with others, contact us.
A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html
All security tool news is summarised in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 16 December, 2000