LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page security flaws threaten unix and linux systems.....
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-15-2002, 10:26 PM   #1
Ich_hoffe
Member
 
Registered: Jun 2002
Posts: 68

Rep: Reputation: 15
Question security flaws threaten unix and linux systems.....

What is thatI read one of the web side it say`s
Security Flaws threaten unix and linux systems/news:CW360 check at out on http:www.cw360.com/article&rd=&i=&ard=114145&fv=1
you can find out what`s happening with that security flaws.

Ich_hoffe
 
Old 07-16-2002, 06:03 AM   #2
mikek147
Member
 
Registered: Mar 2002
Location: Elyria, Ohio
Distribution: Debian, Nothing else required
Posts: 141

Rep: Reputation: 15
The following extract is from that CERT Advisory. As can been seen, the fixes are in the works, and workarounds currently exists. Since Linux doesn't use CDE, it is not part of the advisory. -mk

Quote:
Appendix A. - Vendor Information

This appendix contains information provided by vendors for this
advisory. As vendors report new information to the CERT/CC, we will
update this section and note the changes in our revision history. If a
particular vendor is not listed below, we have not received their
comments.


Caldera, Inc.

Caldera Open UNIX and Caldera UnixWare provide the CDE
ttdbserverd daemon, and are vulnerable to these issues. We have
prepared fixes for those two operating systems, and will make
them available as soon as these issues are made public.

SCO OpenServer and Caldera OpenLinux do not provide CDE, and
are therefore not vulnerable.


Compaq Computer Corporation

SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary
of Hewlett-Packard Company and Hewlett-Packard Company HP
Services Software Security Response Team

CROSS REFERENCE: SSRT2251

At this time Compaq does have solutions in final testing and
will publish HP Tru64 UNIX security bulletin (SSRT2251) with
patch information as soon as testing has completed and kits are
available from the support ftp web site.

A recommended workaround however is to disable rpc.ttdbserver
until solutions are available. This should only create a
potential problem for public software packages applications
that use the RPC-based ToolTalk database server. This step
should be evaluated against the risks identified, your security
measures environment, and potential impact of other products
that may use the ToolTalk database server.

To disable rpc.ttdbserverd:

+ Comment out the following line in /etc/inetd.conf:
rpc.ttdbserverd stream tcp swait root
/usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd (line wrapped)

+ Force inetd to re-read the configuration file by executing
the inetd -h command.

Note: The internet daemon should kill the currently running
rpc.ttdbserver. If not, manually kill any existing
rpc.ttdbserverd process.


Cray, Inc.

Cray, Inc. does include ToolTalk within the CrayTools product.
However, rpc.ttdbserverd is not turned on or used by any Cray
provided application. Since a site may have turned this on for
their own use, they can always remove the binary
/opt/ctl/bin/rpc.ttdbserverd if they are concerned.


Fujitsu

Fujitsu's UXP/V operating system is affected by the
vulnerability reported in VU#975403 [or VU#299816] because
UXP/V does not support any CDE functionalties.


Hewlett-Packard Company

HP9000 Series 700/800 running HP-UX releases 10.10, 10.20,
11.00, and 11.11 are vulnerable.

Until patches are available, install the appropriate file to
replace rpc.ttdbserver.

Download rpc.ttdbserver.tar.gz from the ftp site. This file is
temporary and will be deleted when patches are available from
the standard HP web sites, including itrc.hp.com.

System: hprc.external.hp.com (192.170.19.51)
Login: ttdb1
Password: ttdb1
FTP Access: ftp://ttdb1:ttdb1@hprc.external.hp.com/
ftp://ttdb1:ttdb1@192.170.19.51/
File: rpc.ttdbserver.tar.gz
MD5: da1be3aaf70d0e2393bd9a03feaf4b1d

An HP security bulletin will be released with more information.


IBM Corporation

The CDE desktop product shipped with AIX is vulnerable to both
the issues detailed above in the advisory. This affects AIX
releases 4.3.3 and 5.1.0 An efix package will be available
shortly from the IBM software ftp site. The efix packages can
be downloaded from ftp.software.ibm.com/aix/efixes/security.
This directory contains a README file that gives further
details on the efix packages.

The following APARs will be available in the near future:

AIX 4.3.3: IY32368

AIX 5.1.0: IY32370


SGI

SGI acknowledges the ToolTalk vulnerabilities reported by CERT
and is currently investigating. No further information is
available at this time.

For the protection of all our customers, SGI does not disclose,
discuss or confirm vulnerabilities until a full investigation
has occurred and any necessary patch(es) or release streams are
available for all vulnerable and supported IRIX operating
systems. Until SGI has more definitive information to provide,
customers are encouraged to assume all security vulnerabilities
as exploitable and take appropriate steps according to local
site security policies and requirements. As further information
becomes available, additional advisories will be issued via the
normal SGI security information distribution methods including
the wiretap mailing list on
http://www.sgi.com/support/security/.


Sun Microsystems, Inc.

The Solaris RPC-based ToolTalk database server, rpc.ttdbserver,
is vulnerable to the two vulnerabilities [VU#975403 VU#299816]
described in this advisory in all currently supported versions
of Solaris:

Solaris 2.5.1, 2.6, 7, 8, and 9

Patches are being generated for all of the above releases. Sun
will publish a Sun Security Bulletin and a Sun Alert for this
issue. The Sun Alert will be available from:

http://sunsolve.sun.com

The patches will be available from:

http://sunsolve.sun.com/securitypatch

Sun Security Bulletins are available from:

http://sunsolve.sun.com/security


Xi Graphics

Xi Graphics deXtop CDE v2.1 is vulnerable to this attack. When
announced, the update and accompanying text file will be:

ftp://ftp.xig.com/pub/updates/dextop...2100.016.tar.\
gz (line wrapped)

ftp://ftp.xig.com/pub/updates/dextop...EX2100.016.txt

Most sites do not need to use the ToolTalk server daemon. Xi
Graphics Security recommends that non-essential services are
never enabled. To disable the ToolTalk server on your system,
edit /etc/inetd.conf and comment out, or remove, the
'rpc.ttdbserver' line. Then, either restart inetd, or reboot
your machine.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kernel 2.6.13.1 fixes a couple security flaws. /bin/bash Linux - Security 2 09-15-2005 08:46 AM
Firefox/Mozilla security flaws and 4.10/5.04 t3gah Ubuntu 2 06-03-2005 01:27 PM
Security research suggests Linux has fewer flaws kaon Linux - News 1 03-30-2005 02:24 PM
[c] unix systems programming in MS VS C++? saiz66 Programming 2 10-07-2004 08:16 AM
Three security flaws could be used by an ordinary users to access Linux boxen witeshark Linux - Security 1 02-20-2004 01:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:22 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration