Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-15-2002, 10:26 PM
|
#1
|
Member
Registered: Jun 2002
Posts: 68
Rep:
|
security flaws threaten unix and linux systems.....
What is thatI read one of the web side it say`s
Security Flaws threaten unix and linux systems/news:CW360 check at out on http: www.cw360.com/article&rd=&i=&ard=114145&fv=1
you can find out what`s happening with that security flaws.
Ich_hoffe
|
|
|
07-16-2002, 06:03 AM
|
#2
|
Member
Registered: Mar 2002
Location: Elyria, Ohio
Distribution: Debian, Nothing else required
Posts: 141
Rep:
|
The following extract is from that CERT Advisory. As can been seen, the fixes are in the works, and workarounds currently exists. Since Linux doesn't use CDE, it is not part of the advisory. -mk
Quote:
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this
advisory. As vendors report new information to the CERT/CC, we will
update this section and note the changes in our revision history. If a
particular vendor is not listed below, we have not received their
comments.
Caldera, Inc.
Caldera Open UNIX and Caldera UnixWare provide the CDE
ttdbserverd daemon, and are vulnerable to these issues. We have
prepared fixes for those two operating systems, and will make
them available as soon as these issues are made public.
SCO OpenServer and Caldera OpenLinux do not provide CDE, and
are therefore not vulnerable.
Compaq Computer Corporation
SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary
of Hewlett-Packard Company and Hewlett-Packard Company HP
Services Software Security Response Team
CROSS REFERENCE: SSRT2251
At this time Compaq does have solutions in final testing and
will publish HP Tru64 UNIX security bulletin (SSRT2251) with
patch information as soon as testing has completed and kits are
available from the support ftp web site.
A recommended workaround however is to disable rpc.ttdbserver
until solutions are available. This should only create a
potential problem for public software packages applications
that use the RPC-based ToolTalk database server. This step
should be evaluated against the risks identified, your security
measures environment, and potential impact of other products
that may use the ToolTalk database server.
To disable rpc.ttdbserverd:
+ Comment out the following line in /etc/inetd.conf:
rpc.ttdbserverd stream tcp swait root
/usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd (line wrapped)
+ Force inetd to re-read the configuration file by executing
the inetd -h command.
Note: The internet daemon should kill the currently running
rpc.ttdbserver. If not, manually kill any existing
rpc.ttdbserverd process.
Cray, Inc.
Cray, Inc. does include ToolTalk within the CrayTools product.
However, rpc.ttdbserverd is not turned on or used by any Cray
provided application. Since a site may have turned this on for
their own use, they can always remove the binary
/opt/ctl/bin/rpc.ttdbserverd if they are concerned.
Fujitsu
Fujitsu's UXP/V operating system is affected by the
vulnerability reported in VU#975403 [or VU#299816] because
UXP/V does not support any CDE functionalties.
Hewlett-Packard Company
HP9000 Series 700/800 running HP-UX releases 10.10, 10.20,
11.00, and 11.11 are vulnerable.
Until patches are available, install the appropriate file to
replace rpc.ttdbserver.
Download rpc.ttdbserver.tar.gz from the ftp site. This file is
temporary and will be deleted when patches are available from
the standard HP web sites, including itrc.hp.com.
System: hprc.external.hp.com (192.170.19.51)
Login: ttdb1
Password: ttdb1
FTP Access: ftp://ttdb1:ttdb1@hprc.external.hp.com/
ftp://ttdb1:ttdb1@192.170.19.51/
File: rpc.ttdbserver.tar.gz
MD5: da1be3aaf70d0e2393bd9a03feaf4b1d
An HP security bulletin will be released with more information.
IBM Corporation
The CDE desktop product shipped with AIX is vulnerable to both
the issues detailed above in the advisory. This affects AIX
releases 4.3.3 and 5.1.0 An efix package will be available
shortly from the IBM software ftp site. The efix packages can
be downloaded from ftp.software.ibm.com/aix/efixes/security.
This directory contains a README file that gives further
details on the efix packages.
The following APARs will be available in the near future:
AIX 4.3.3: IY32368
AIX 5.1.0: IY32370
SGI
SGI acknowledges the ToolTalk vulnerabilities reported by CERT
and is currently investigating. No further information is
available at this time.
For the protection of all our customers, SGI does not disclose,
discuss or confirm vulnerabilities until a full investigation
has occurred and any necessary patch(es) or release streams are
available for all vulnerable and supported IRIX operating
systems. Until SGI has more definitive information to provide,
customers are encouraged to assume all security vulnerabilities
as exploitable and take appropriate steps according to local
site security policies and requirements. As further information
becomes available, additional advisories will be issued via the
normal SGI security information distribution methods including
the wiretap mailing list on
http://www.sgi.com/support/security/.
Sun Microsystems, Inc.
The Solaris RPC-based ToolTalk database server, rpc.ttdbserver,
is vulnerable to the two vulnerabilities [VU#975403 VU#299816]
described in this advisory in all currently supported versions
of Solaris:
Solaris 2.5.1, 2.6, 7, 8, and 9
Patches are being generated for all of the above releases. Sun
will publish a Sun Security Bulletin and a Sun Alert for this
issue. The Sun Alert will be available from:
http://sunsolve.sun.com
The patches will be available from:
http://sunsolve.sun.com/securitypatch
Sun Security Bulletins are available from:
http://sunsolve.sun.com/security
Xi Graphics
Xi Graphics deXtop CDE v2.1 is vulnerable to this attack. When
announced, the update and accompanying text file will be:
ftp://ftp.xig.com/pub/updates/dextop...2100.016.tar.\
gz (line wrapped)
ftp://ftp.xig.com/pub/updates/dextop...EX2100.016.txt
Most sites do not need to use the ToolTalk server daemon. Xi
Graphics Security recommends that non-essential services are
never enabled. To disable the ToolTalk server on your system,
edit /etc/inetd.conf and comment out, or remove, the
'rpc.ttdbserver' line. Then, either restart inetd, or reboot
your machine.
|
|
|
|
All times are GMT -5. The time now is 10:37 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|