By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html
Solaris patchadd Race Condition Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2127
Updated Analysis: This vulnerability was reported last week, and Sun is working on a patch. The problem is a local exploit on Solaris 7/8 (patchadd did not exist in older versions). On sensitive multi-user systems, either install patches in single-user mode, or remove /tmp files just before running patchadd, or, if you don't want to wait for the official fixes, apply Darren Moffat's set of diffs to fix patchadd:
http://archives.neohapsis.com/archives/bugtraq/2000-12/0442.html
Sun Cluster multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Sun Cluster version 2.x contains various vulnerabilities that would allow a remote attacker to gain access to system configuration information of a host running in.mond, the Cluster monitor daemon. By telnetting to port 12000, an attacker can read the host's syslog and view the cluster configuration information. Further, an attacker with a local account can create a symlink in /var/opt/SUNWcluster/fm/fmstatus/nfs/<logicalhostname>/status, and then use the "open hastat" command of the monitor daemon to view any file on the host. Sun is working on a patch.
Korn Shell Redirection Race Condition Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2148
Comment: This is a local exploit. Solaris 8 is not vulnerable.
2000-12-28: ikonboard Arbitrary Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2157
2000-12-25: Upland Solutions 1st Up Mail Server DoS Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2152
2000-12-20: GnuPG Detached Signature Verification False-Positive Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2141
Comment: upgrade to v1.04
2000-12-19: Oracle WebDB PL/SQL Proxy Access Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2150
The latest Solaris Recommended / Security Patch clusters are as follows:
Solaris 8: Dec/19/00
Solaris 7: Dec/19/00
Solaris 2.6: Dec/05/00
Solaris 2.5.1: Dec/12/00
See also: ftp://sunsolve.sun.com/pub/patches
Security basics, Part 2
Mo Budlong
http://www.sunworld.com/unixinsideronline/swol-12-2000/swol-1201-unix101.html
More advice on file attribute bits and modes.
dsniff and SSH: Reports of My Demise are Greatly Exaggerated
Richard E. Silverman
http://sysadmin.oreilly.com/news/silverman_1200.html
Kurt Seifried wrote an article titled "The End of SSL and SSH?" The article has generated a fair amount of discussion and buzz, not least because of its dire-sounding title. And there are certainly important implications to the appearance of sshmitm. Seifried's piece, however, contains several factual errors and misleading statements in discussing the details of SSH (secure shell), SSL (secure sockets layer), and MITM. This is unfortunate, since these shortcomings blur the essential message, which is valid and important to get out.
Comment: good analysis.
12/23/00 rstchown kernel setting
http://securityfocus.com/templates/archive.pike?tid=152837&end=2000-12-23&start=2000-12-17&threads=1&fromthread=0&list=92&
Yassp beta 15 is still current.
No Discussions this week.
See also http://www.yassp.org
Readers wrote in this week with tips:
"It's an 8-bit ISA board that emulates the original IBM MDA (Monochrome Display Adapter) character-based video board and the PC keyboard. Plugged into an 8-bit or 16-bit ISA slot, it takes the characters written by your CPU into its "video" memory and pumps them out its onboard RS-232 port. Characters input by you into the RS-232 port are converted into keyboard scan codes and presented to the motherboard's keyboard connector.
The pricing for our board is US $250 plus shipping (per). We only sell direct, and accept Visa, Mastercard and company PO's. We are working on the PCI version, and hope to have our proto working in the next couple of weeks - then a beta run, and hopefully ready for market by April at some point. Still no idea as to what the cost will be.
The PC Weasel distinguishes itself even further by being an open-source product. Every purchaser receives a source license for the Weasel's onboard microcontroller code. If you don't like some aspect of the board's behaviour as shipped by us, you're free to modify it using a gcc-based toolchain. The code store is flash memory that can be written without special equipment, and there's a second serial port provided for debugging."
If you have any security tips/scripts you'd like to share with others, contact us.
A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html
All security tool news is now summarised in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 29 December, 2000