By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html
2001-02-24: Simple Server Directory Traversal Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2415
2001-02-21: Ultimate Bulletin Board [IMG] Tag JavaScript Embedding Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2408
In this section we aim to inform you of new patches published by Sun. Patches are published [on ftp://sunsolve.sun.com/pub/patches] in two ways:
We analyze both reports since changes in one are not always reflected in the other.
1. The latest Solaris 'Recommended & Security Patch clusters' are as follows:
Solaris 8 Mar/01/01:
109805-02 SunOS 5.8: pam_krb5.so.1 patch
108981-04 SunOS 5.8: /kernel/drv/hme and /kernel/drv/sparcv9/hme patch
110898-01 SunOS 5.8: csh/pfcsh patch
108727-06 SunOS 5.8: /kernel/fs/nfs and /kernel/fs/sparcv9/nfs patch
110609-01 SunOS 5.8: cdio.h and command.h USB header patch
109041-03 SunOS 5.8: sockfs patch
109883-02 SunOS 5.8: /usr/include/sys/ecppsys.h patch
109887-02 SunOS 5.8: smartcard patch
109896-04 SunOS 5.8: USB patch
Solaris 8_x86 Mar/01/01:
109280-08 SunOS 5.8_x86: /kernel/drv/ip patch
109899-01 SunOS 5.8_x86: /kernel/drv/arp patch
109741-03 SunOS 5.8_x86: /kernel/drv/udp patch
109743-02 SunOS 5.8_x86: /kernel/drv/icmp patch
110701-01 SunOS 5.8_x86: automount patch
10899-01 SunOS 5.8_x86: csh/pfcsh patch
109042-03 SunOS 5.8_x86: sockfs patch
Solaris 7 Feb/28/01:
106541-15 SunOS 5.7: Kernel update patch
107636-07 SunOS 5.7: X Input & Output Method patch
106942-15 SunOS 5.7: libnsl, rpc.nisd and nis_cachemgr patch
Solaris 2.6 Feb/28/01:
105667-03 SunOS 5.6: /usr/bin/rdist patch
106625-09 SunOS 5.6: libsec.a, libsec.so.1 and /kernel/fs/ufs patch
109339-02 SunOS 5.6: nscd's size grows - TTL values not implemented
105633-51 OpenWindows 3.6: Xsun patch
Solaris 2.5.1 Feb/27/01:
104605-11 SunOS 5.5.1: ecpp driver patch
2. New or updated individual security/recommended patches.
No changes this week.
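To turn the cluster lists above into a check on a real host, the script below (an added example, not part of the digest) compares a required patch list against the output of `showrev -p`. A required patch counts as satisfied when the same base id is installed at the same or a higher revision; if the base id only appears in another installed patch's "Obsoletes:" field it is reported as superseded so you can verify the replacement by hand. The `showrev -p` text and the patch id 100000-01 are constructed sample data, not output from a real system.

```shell
#!/bin/sh
# Added example: check a required Solaris patch list against `showrev -p`.
# SAMPLE_SHOWREV is constructed sample output; 100000-01 is a made-up patch id
# used only to exercise the "Obsoletes:" handling.
SAMPLE_SHOWREV='Patch: 108981-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcar, SUNWcsr
Patch: 108727-06 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 109041-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 110898-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 100000-01 Obsoletes: 109887-02, 109883-01 Requires:  Incompatibles:  Packages: SUNWcsr'

# A subset of the Solaris 8 cluster listed above (base id-revision).
REQUIRED='109805-02 108981-04 110898-01 108727-06 109041-03 109887-02'

# installed_rev BASEID SHOWREV_TEXT
# Prints the highest installed revision of BASEID (two digits), or
# "obsoleted-by <patch>" if BASEID only appears in another patch's Obsoletes
# list, or nothing if showrev knows nothing about the base id.
installed_rev() {
  printf '%s\n' "$2" | awk -v b="$1" '
    $1 == "Patch:" {
      split($2, a, "-")
      if (a[1] == b && a[2] + 0 > max) max = a[2] + 0
      # fields after "Obsoletes:" up to "Requires:" are obsoleted patch ids
      for (i = 4; i <= NF && $i != "Requires:"; i++) {
        o = $i; sub(/,$/, "", o); split(o, c, "-")
        if (c[1] == b) obs = $2
      }
    }
    END {
      if (max) printf "%02d\n", max
      else if (obs) print "obsoleted-by " obs
    }'
}

# missing_patches REQUIRED_LIST SHOWREV_TEXT
# One line per required patch that is not satisfied:
#   <id-rev> missing                  base id not installed at all
#   <id-rev> installed=<id-rev>       installed, but at an older revision
#   <id-rev> superseded-by=<id-rev>   obsoleted by another installed patch (verify)
missing_patches() {
  for p in $1; do
    base=${p%-*}; want=${p#*-}
    have=$(installed_rev "$base" "$2")
    case "$have" in
      "")            echo "$p missing" ;;
      obsoleted-by*) echo "$p superseded-by=${have#obsoleted-by }" ;;
      *) if [ "$have" -lt "$want" ]; then echo "$p installed=$base-$have"; fi ;;
    esac
  done
}

# On a real Solaris host: missing_patches "$REQUIRED" "$(showrev -p)"
missing_patches "$REQUIRED" "$SAMPLE_SHOWREV"
```

Run on a real machine by replacing the sample with `"$(showrev -p)"` and pasting the cluster's patch ids into REQUIRED. A "superseded-by" line is not proof of coverage: the obsoleting patch must itself be at a revision that contains the fixes you care about, which only the patch README can confirm.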
Please tell us if you have suggestions or feedback on how we present this patch analysis.
SSH
F-Secure SSH 2.4
F-Secure have written in to say that the only technical reason to move from 2.3 to 2.4 is if you plan to integrate SSH with SecurID: 2.4 has native SSH integration with challenge-response support. So if you use 2.3 or later you are covered against the vulnerabilities recently discovered.
F-Secure also announced F-Secure SSH Server 5.0 for Windows last week.
http://www1.buyonet.com/f-secure/sshntsrv
OpenSSH 2.5.1p2
http://www.openssh.com/portable.html
Changes from p1 are fixes for PAM, compiling problems on some platforms, EGD detection, and uid handling.
IDS Review
Dragos Ruiu
http://securityportal.com/articles/idsintroduction20010226.html
An interesting and useful review of free and commercial NIDS for SOHO and large site usage.
Linux Security
Network monitoring, access control, and booby traps using TCP Wrappers - I
Trevor Warren
http://www.freeos.com/articles/3729/
An introduction to TCP wrappers. No innovative examples on how to use them, though.
O'Reilly
Using SSH Tunneling
Rob Flickenger
http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html
They say that the Wired Equivalent Privacy protocol has been cracked. What's a wireless user to do? Tunnel. Secure Shell (SSH) is open, free, fast, secure, and easy to set up (once you know how).
Comment: This paper presents a simple example on port tunneling with SSH.
Anticryptography: The Next Frontier in Computer Science
Brian McConnell
http://www.oreilly.com/news/seti_0201.html
Ever since Mosaic, the computer industry has been obsessed with cryptography. The crusade to put strong encryption technology in the hands of ordinary computer users is a noble and important cause. Yet in our obsession with encryption and electronic anonymity, we've overlooked something equally important, the idea of creating complex messages that decode themselves.
Basics: Understanding Unix Filesystems
Dru Lavigne
http://www.oreillynet.com/pub/a/bsd/2001/02/28/FreeBSD_Basics.html
Daemon News
OpenBSD bridge without IPs using IPF Tutorial
by Doug Hogan and Bryan Hinton
http://www.daemonnews.org/200103/ipf_bridge.html
The Sunscreen fans among you might be interested in an alternative 'stealth' firewall...
Adventures in firewalling
Bill Moran
http://www.daemonnews.org/200103/firewall.html
Some practical tips on configuring firewalls, especially with ipfw.
Sex, drugs, and technology, Demonizing cryptography
By Carole Fennelly
http://www.sunworld.com/unixinsideronline/swol-02-2001/swol-0223-unixsecurity.html
"People fear what they don't understand -- and the average person doesn't understand anything that ends with ography. When in doubt, blame technology."
Understanding the Solaris socket filesystem
Jim Mauro
http://www.sunworld.com/unixinsideronline/swol-02-2001/swol-0202-insidesolaris.html
A useful overview of socket implementations on pre-Solaris 2.6 releases.
IT security: Keep it at home or take it outside?
Connolly and Tom Yager
http://www.sunworld.com/unixinsideronline/swol-02-2001/swol-0216-ITsecurity.html
As the Internet becomes an ever-more dominant medium for doing business, companies require even greater protection for their intellectual assets. Conducting business via the Web turns your network into a proving ground for hackers bent on infamy. Stepping up to meet this challenge are security outsourcing companies that promise to constantly monitor and tune your firewalls, routers, and servers via remote links for maximum protection. That idea delights a growing number of IT leaders; still, many tremble at the thought of trusting the corporate jewels to outsiders.
Comment: An entertaining debate between in-house 'control freaks' and external consultants.
SecurityFocus
Comparative Analysis of Methods of Defense against Buffer Overflow Attacks
Istvan Simon
http://www.mcs.csuhayward.edu/~simon/security/boflo.html
For the past several years Buffer Overflow attacks have been the main method of compromising a computing system's security. Many of these attacks have been devastatingly effective, allowing the attacker to attain administrator privileges on the attacked system. We review the anatomy of these attacks and the reasons why conventional methods of defense have been ineffective, and likely to remain so in the foreseeable future. Recently, however, several promising methods of defense have been proposed. We compare the strengths and weaknesses of these defense methods.
The Field Guide for Investigating Computer Crime, Part Seven: Information Discovery - Basics and Planning
Timothy E. Wright
http://www.securityfocus.com/focus/ih/articles/crimeguide7.html
This is the seventh installment of SecurityFocus.com's Field Guide for Investigating Computer Crime. The previous installment in this series, "Search and Seizure - Evidence Retrieval and Processing", concluded the overview of search and seizure with a discussion of the retrieval and processing of computer crime scene evidence. In this installment, we will begin our discussion of information discovery - the process of viewing log files, databases and other data sources on unseized equipment, in order to find and analyze information that may be of importance to a computer crime investigation.
02/24/01 NFS over ssh
http://www.securityfocus.com/archive/92/164887
02/23/01 OpenSSH and passwords
http://www.securityfocus.com/archive/92/164886
02/23/01 Solaris with MD5 crypted passwords?
http://www.securityfocus.com/archive/92/164187
02/23/01 CDE daemons
http://www.securityfocus.com/archive/92/165056
Note: as the links to the threads themselves are too long to be published, the above links point directly to the first message of each discussion.
Yassp beta 15 is still current.
Discussions this week:
Telnet & ftp
http://www.theorygroup.com/Archive/YASSP/2001/msg00091.html
When compiling packages ...
http://www.theorygroup.com/Archive/YASSP/2001/msg00088.html
Repackaging yassp's tcpd
http://www.theorygroup.com/Archive/YASSP/2001/msg00087.html
Uncommenting inetd.conf Lines After Installing YASSP
http://www.theorygroup.com/Archive/YASSP/2001/msg00037.html
OpenSSH package: (tentative) summary of recent discussions
http://www.theorygroup.com/Archive/YASSP/2001/msg00060.html
Updated docs
http://www.theorygroup.com/Archive/YASSP/2001/msg00064.html
See also http://www.yassp.org
All security tool news is now summarized in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html
Of note is:
I'd not read the CERT documents on security in a long time and was pleasantly surprised; they are looking good and worth a visit:
http://www.cert.org/security-improvement/index.html#unix
On a more comprehensive level, the English translation of the IT Baseline Protection Manual (itbpm) is available at http://www.bsi.bund.de/english.
All weekly digests are archived at:
securityportal.com/research/research.digestarchives.html
Sign up to get this digest and many others by email.
A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2001, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 02 March, 2001