By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Solaris Security Digest Archive
http://www.securityportal.com/research/research.wss.html
Open mail relays used to deliver "Hybris Worm"
http://www.cert.org/incident_notes/IN-2001-02.html
It is well documented that intruders have used open mail relays for years to deliver unsolicited email. Recently, the CERT/CC has received reports of intruders using open mail relays to propagate malicious code such as the "Hybris Worm."
none
2001-02-28: Joe Text Editor .joerc Arbitrary Command Execution Vulnerability
http://securityfocus.com/vdb/bottom.html?vid=2437
In this section we aim to inform you of new patches published by Sun. Patches are published [on ftp://sunsolve.sun.com/pub/patches] in two ways:
We analyze both reports since changes in one are not always reflected in the other.
1. The latest Solaris 'Recommended & Security Patch clusters' are as follows:
Solaris 8 Mar/06/01:
108652-27 X11 6.4.1 Xsun patch
108879-05 Solstice AdminSuite 3.0.1: Auditing, compat mode, passwd, autohome
110901-01 SunOS 5.8: /kernel/drv/sgen and /kernel/drv/sparcv9/sgen patch
109877-01 SunOS 5.8: /usr/include/sys/dma_i8237A.h patch
109892-03 SunOS 5.8: ecpp patch
110662-02 SunOS 5.8: ksh patch
Solaris 8_x86 Mar/06/01:
108653-23 X11 6.4.1_x86: Xsun patch
108881-05 Solstice AdminSuite 3.0.1_x86: Auditing compat mode passwd autohome
110902-01 SunOS 5.8_x86: /kernel/drv/sgen patch
110663-02 SunOS 5.8_x86: ksh patch
110610-01 SunOS 5.8_x86: cdio.h and commands.h USB patch
108529-06 SunOS 5.8_x86: kernel update patch
109897-04 SunOS 5.8_x86: USB patch
Solaris 7 Mar/08/01:
107893-11 OpenWindows 3.6.1: Tooltalk patch
107022-07 CDE 1.3: Calendar Manager patch
107259-02 SunOS 5.7: /usr/sbin/vold patch
107702-07 CDE 1.3: dtsession patch
108374-05 CDE 1.3: libDtWidget Patch
Solaris 2.6 Mar/07/01: date changed and some Solaris 8 patches listed by mistake.
107618-02 SunOS 5.6: patch /usr/sbin/vold
Solaris 2.5.1 Mar/07/01: date changed only.
2. New or updated individual security/recommended patches.
105667-02 SunOS 5.6: /usr/bin/rdist patch
106625-08 SunOS 5.6: libsec.a, libsec.so.1 and /kernel/fs/ufs patch
109339-01 SunOS 5.6: nscd has a potential security problem
105633-50 OpenWindows 3.6: Xsun patch
Note the Solaris 2.6 patch report was badly messed up on March 9th, with about 200 patches apparently changed, which is unlikely.
106541-14 SunOS 5.7: Kernel update patch
106942-14 SunOS 5.7: libnsl, rpc.nisd and nis_cachemgr patch
107022-06 CDE 1.3: Calendar Manager patch
107893-10 OpenWindows 3.6.1: Tooltalk patch
109280-06 SunOS 5.8_x86: /kernel/drv/ip patch
109279-06 SunOS 5.8: /kernel/drv/ip patch
109892-02 * SunOS 5.8: ecpp patch
109896-03 * SunOS 5.8: USB patch
109965-03 * SunOS 5.8: pam_smartcard.so.1 patch
110898-01 SunOS 5.8: csh/pfcsh patch
The following were reported as being new, which may be incorrect:
108528-06 SunOS 5.8: kernel update patch
108875-07 SunOS 5.8: c2audit patch
108968-02 SunOS 5.8: vol/vold/rmmount patch
108975-04 SunOS 5.8: /usr/bin/rmformat and /usr/sbin/format patch
108985-02 SunOS 5.8: /usr/sbin/in.rshd patch
109320-01 SunOS 5.8: LP patch
109322-02 SunOS 5.8: libnsl patch
109783-01 SunOS 5.8: /usr/lib/nfs/nfsd patch
109888-05 SunOS 5.8: platform drivers patch
109893-01 * SunOS 5.8: stc driver patch
109894-01 * SunOS 5.8: bpp patch
109951-01 SunOS 5.8: jserver buffer overflow
110416-02 SunOS 5.8: ATOK12 patch
110453-01 SunOS 5.8: admintool patch
110898-01 SunOS 5.8: csh/pfcsh patch
Please tell us if you have suggestions or feedback on how we present this patch analysis.
SecurityPortal
A Tool for Cold Mirroring of Solaris System Disks - mirror_boot.sh
Seán Boran
http://securityportal.com/articles/coldmirroring20010306.html
Zen and the Art of Breaking Security - Part I & Part II
Razvan Peteanu
http://securityportal.com/articles/zenandsecurity20010301.html
http://securityportal.com/articles/zenandsecurity20010308.html
URL, Little Do We Know Thee
Razvan Peteanu
http://securityportal.com/articles/urlurl20010307.html
Unix Insider
The opening of secrets (the history of public key cryptography)
Steven Levy
http://www.sunworld.com/unixinsideronline/swol-03-2001/swol-0302-bookshelf.html
Is Open Source Un-American?
Tim O'Reilly
http://onlamp.com/pub/a/onlamp/2001/03/08/unamerican.html
InfoSecurity Magazine
The Little Things
Dana W. Paxson
http://www.infosecuritymag.com/articles/march01/columns_logoff.shtml
Security begins with the little things. Do them to death. You'll be glad you did.
Security for the CXO - Calculating risk
Peter Tippett
http://www.infosecuritymag.com/articles/march01/columns_executive_view.shtml
Solaris Network Hardening: First Steps
Reg Quinton
http://www.samag.com/current/0104i/0104i.htm
This article looks at using tools like netstat/rpcinfo/lsof/inetd.conf to find out what is actually going on on a system before you start hardening it.
Quick Network Redundancy Schemes
Leo Liberti
http://www.samag.com/current/0104a/0104a.htm
Simple bash scripting and IP aliasing can be used to implement quick and easy host redundancy schemes based either on host availability or service availability.
Comment: if you use the ideas presented, use SSH and not rexec for remote execution. Rexec belongs in a museum (from a security standpoint).
pkg-get
http://www.bolthole.com/solaris/pkg-get.html
Makes it easy to download any package that sunfreeware.com has for your architecture and OS level. It is based on wget.
Comment: looks interesting indeed! In fact take some time to visit this site, as there are lots of well presented tips on various Solaris topics. http://www.bolthole.com/solaris
Everything Solaris
http://everythingsolaris.org
Another Solaris tips site to browse.
02/27/01 Re: CDE security
http://www.securityfocus.com/archive/92/166119
02/26/01 NFS over ssh
http://www.securityfocus.com/archive/92/164887
Note: as the links to the threads themselves are too long to be published, the above links point directly to the first message of each discussion.
Yassp beta 15 is still current. No discussions this week.
See also http://www.yassp.org
Security tool news is now summarized in the 'Weekly Security Tools Digest'
http://securityportal.com/topnews/weekly/tools.html
Updates to General free tools this week include mod_ssl and Tripwire.
Auditing and Intrusion Monitoring tools include Snort and 2 Snort tools, PIKT, BigBrother, MergeLog, ScanSSH and 3 other tools.
Firewalls for UNIX/Linux/BSD & Cross-platform include FloppyFw, IPtables Linux Firewall, Iridium, Knetfilter and Firestorm Firewall Monitor.
Tools for Linux/Unix/Cross Platform include Mozilla NSS, Ethereal, Sectar, OpenCL and 5 other tools.
Tools for Windows include Tiny Personal Firewall, ACL tools and VCatch.
A great little *Windows* tool that will finally allow you to replace FTPD with SSHD on your multi-user servers is Winscp v1.0 by Martin Prikryl (http://winscp.vse.cz/eng); its GUI is good enough that non-techie users can find their way around it.
Sendmail version 8.11.3 is now available. This version fixes a large bug on systems using buffered file I/O. There is also a fix that properly handles buggy accept() calls, preventing a potential denial of service. See ftp://ftp.sendmail.org/pub/sendmail
/usr/sbin/prtvtoc /dev/rdsk/c0t3d0s2 | /usr/sbin/fmthard -n mirror -s - /dev/rdsk/c0t1d0s2
All weekly digests are archived at:
securityportal.com/research/research.digestarchives.html
Sign up to get this digest and many others by email.
A list of Solaris resources and references:
securityportal.com/topnews/weekly/solarisref.html
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2001, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 08 March, 2001