Solaris 'rwall daemon' At Risk
Published by: webmaster 2009-01-08

Officials with the CERT Coordination Center warned Wednesday that they have discovered serious holes that affect some Sun Microsystems servers.

The format string vulnerability affects the rwall daemon (rpc.rwalld) in Sun Solaris 2.5.1, 2.6, 7, and 8. CERT said Hewlett-Packard servers; IBM's AIX operating system, versions 4.3.x and 5.1L; and NetBSD are not at risk.

The rwall daemon is a utility used to listen for wall requests on the network. When a request is received, it calls wall, which sends the message to all terminals of a time-sharing system. The vulnerability may permit an intruder to execute code with the privileges of the rwall daemon.

CERT said the vulnerability was identified by a user known as "GOBBLES" and has been documented at the CERT home site, but the organization said it has not seen active scanning or exploitation of the hole.

So how bad is the hole? CERT said an intruder could consume system resources and potentially prevent wall from executing, which would trigger the rwall daemon's error message.

"The vulnerability may be exploited both locally and remotely, although remote exploitation is significantly more difficult," CERT said in a statement.

Sun confirmed the problem late Wednesday, but the Palo Alto, Calif.-based networking giant said exploitation relies on a combination of events, including the exhaustion of system resources, that are difficult for a remote user to control. The company said it is currently generating patches for the problem and will issue a Sun Security Bulletin as soon as the patches are available. In the interim, the company suggests disabling rpc.rwalld(1M) in inetd.conf as a workaround.

CERT said if disabling the rwall daemon is not an option, Solaris owners at risk should implement a firewall to limit access to rpc.rwalld (typically port 32777/UDP). However, the group said that solution would not mitigate all vectors of attack.
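The inetd.conf workaround described above can be checked and staged with a short script. This is an added example, not code from Sun or CERT; the sample file contents are constructed in the Solaris inetd.conf layout, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): audit an inetd.conf-style file for an
# enabled rpc.rwalld entry and produce a copy with that entry commented out.

# Print the active (uncommented) lines that start rpc.rwalld.
rwalld_active_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep 'rpc\.rwalld'
}

# Exit status 0 when the daemon is still enabled in the given file.
rwalld_enabled() {
    rwalld_active_lines "$1" >/dev/null 2>&1
}

# Write the file to stdout with active rpc.rwalld lines commented out.
# Lines that are already comments are left untouched.
disable_rwalld() {
    sed '/^[[:space:]]*#/!s/^.*rpc\.rwalld.*$/#&/' "$1"
}

# Constructed sample in Solaris inetd.conf layout; not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
EOF

if rwalld_enabled "$sample"; then
    echo "rpc.rwalld is enabled:"
    rwalld_active_lines "$sample"
    disable_rwalld "$sample" > "$sample.new"
    echo "proposed change:"
    diff "$sample" "$sample.new" || true
fi
rm -f "$sample" "$sample.new"
```

On a real host the edited file only takes effect once inetd rereads its configuration (for example after a SIGHUP), and a daemon instance that is already running has to be stopped separately.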

