Weekly Solaris Security Digest
2000/12/25 to 2001/01/01

By Seán Boran (sean at boran.com) for SecurityPortal

Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html


The Rundown


Advisories and Security Bulletins

Sun / CERT bulletins

none

Bugtraq vulnerabilities this week - Solaris:

Solaris patchadd Race Condition Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2127

Updated Analysis: Last week this vulnerability was reported and Sun are working on a patch. The problem is a 'local exploit' on Solaris 7/8 (patchadd did not exist in older versions), so on sensitive multi-user systems, either install patches in single-user mode, or remove /tmp files just before running patchadd, or apply Darren Moffat's set of diffs to fix patchadd (if you don't want to wait for the official fixes) http://archives.neohapsis.com/archives/bugtraq/2000-12/0442.html

 

Sun Cluster multiple vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Sun Cluster version 2.x contains various vulnerabilities that would allow a remote attacker to gain access to system configuration information of a host running in.mond, the Cluster monitor daemon. By telneting to Port 12000, an attacker can read the host's syslog and view the cluster configuration information. Further, if an attacker has a local account, he or she can create a symlink in /var/opt/SUNWcluster/fm/fmstatus/nfs/<logicalhostname>/status, and then use the "open hastat" command of the monitor daemon to view any file on the host. Sun is working on a patch.

 

Korn Shell Redirection Race Condition Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2148
Comment: This is a local exploit. Solaris 8 is not vulnerable

Bugtraq vulnerabilities this week - 3rd party applications:

2000-12-28: ikonboard Arbitrary Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2157

2000-12-25: Upland Solutions 1st Up Mail Server DoS Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2152

2000-12-20: GnuPG Detached Signature Verification False-Positive Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2141
Comment: upgrade to v1.04

2000-12-19: Oracle WebDB PL/SQL Proxy Access Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2150


Patches

The latest Solaris Recommended / Security Patch clusters are as follows:

Solaris 8 Dec/19/00
Solaris 7 Dec/19/00
Solaris 2.6 Dec/05/00
Solaris 2.5.1 Dec/12/00
See also: ftp://sunsolve.sun.com/pub/patches

News & Articles

Sunworld

Security basics, Part 2
Mo Budlong
http://www.sunworld.com/unixinsideronline/swol-12-2000/swol-1201-unix101.html

More advice on file attribute bits and modes.

 

O'Reilly Net

dsniff and SSH Reports of My Demise are Greatly Exaggerated
Richard E. Silverman
http://sysadmin.oreilly.com/news/silverman_1200.html

Kurt Seifried wrote an article titled The End of SSL and SSH? The article has generated a fair amount of discussion and buzz, not least because of its dire-sounding title. And there are certainly important implications to the appearance of sshmitm. Seifried's piece, however, contains several factual errors and misleading statements in discussing the details of SSH (secure shell), SSL (secure sockets layer), and MITM. This is unfortunate, since these shortcomings blur the essential message, which is valid and important to get out.
Comment: good analysis.


Mailing Lists

FOCUS-Sun Discussions Threads

12/23/00 rstchown kernel setting
http://securityfocus.com/templates/archive.pike?tid=152837&end=2000-12-23&start=2000-12-17&threads=1&fromthread=0&list=92&

YASSP (the Solaris hardening tool) Developers' list discussions

Yassp beta 15 is still current.

No Discussions this week.

See also http://www.yassp.org


Tip of the Week

Readers wrote in this week with tips:

If you have any security tips/scripts you'd like to share with others, contact us.


References and Resources

A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html

All security tool news is now summarised in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html


About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán .Boran, All Rights Reserved, Last Update: 29 December, 2000

Sign up to get this digest and many others by email.