_ RU.UNIX.SOLARIS (2:5077/15.22) _____________________________ RU.UNIX.SOLARIS _
From : Dmitry Smirnov - SUN/CIS Novosibirs 2:5020/400 09 Aug 99 08:08:42
Subj : Re: дырки
________________________________________________________________________________
From: Dmitry Smirnov - SUN/CIS Novosibirsk SE <Dmitry.Smirnov@sun.nsk.su>
Pavel Makarenko wrote:
> Hello All!
>
> сетевой сканер cybercop нашел некоторое количество сабжей. ниже куски лога от
> сканера на 4 наиболее неприятные ошибки (особенно первые две раздражают :)
> кто либо может посоветовать как это лечить? солярис 2.6 спарк. все
> рекоммендуемые и секьюрные патчи (от 30.07.99) установлены.
;)
Most of commercial UNIX'es are based off of generic Berkeley and AT&T source
code.
By the way any UNIX have a bugs which allow local and remote users to hack your
system.
Please check latest Windows NT release for more stable and secure operation
system that are
not based on any well-know source code. BG, 1999
>
>
> 1. Routed append check
> ----------------------
> Most route daemons which are based off of generic Berkeley source code
> have a bug which will allow remote users to append garbage over system
> critical files. If this module returns vulnerable, it does not necessarily
> mean that your host is vulnerable to this attack.
Думаю если бы проблема у Сана здесь была ее бы уже залатали.
>
>
>
> 2. IP forwarding check
> ----------------------
> The IP forwarding check verifies if your host will forward source routed
> packets. Having source routing enabled on your firewall allows an attacker
> to completely bypass it and access your internal network, by routing
> through your firewall.
>
> Suggestions:
>
> We suggest you turn off IP forwarding in your kernel of your gateway host
> and filter all source routed packets.
>
> > _как_ мне это в ядре поправить?!
ndd /dev/ip -set ip_forwarding 0
в стартап скрипт. Хмм - роутинг работать не будет. :)
>
>
> 3. rpc.statd link/unlink check
> ------------------------------
> rpc.statd (or simply statd on some machines) is used to interact with
> rpc.lockd to ensure file locking keeps state on NFS servers. Many versions
> of rpc.statd have a vulnerability whereby they can be forced to unlink,
> (delete) or create files as root remotely. This check discerns whether
> your version of rpc.statd is vulnerable to attack. There is no method to
> verify whether this attack worked remotely.
Есть security patch
>
>
> 4. DNS denial of service check
> ------------------------------
> DNS denial of service check This purpose of this module is to attempt to
> make the DNS server unable to resolve information for a given host by
> sending invalid data to a DNS server.
Есть security patch.
>
>
> Pavel
--
- ---
Dmitry Smirnov - SUN CIS/Novosibirsk SE
Phone: +7-3832-230-222, +7-3832-233-581 Fax: +7-3832-230-458
--- ifmail v.2.14dev3 * Origin: Sun Microsystems Russia/Novosibirsk (2:5020/400)