3 - Particular Vulnerabilities (Security Patches) p3
Description
This article is from the Security Patches FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.
3 - Particular Vulnerabilities (Security Patches) p3
Sun Microsystems, Inc.
Sun has developed patches for all supported platforms and architectures,
including Trusted Solaris, Solaris x86, and Interactive Unix. Note that Sun
no longer supports the sun3 architecture and versions of the operating
system that precede 4.1.3.
Current patches are listed below.
OS version Patch ID Patch File Name
---------- --------- ---------------
4.1.3 100377-19 100377-19.tar.Z
4.1.3_U1 101665-04 101665-04.tar.Z
5.3 101739-07 101739-07.tar.Z
5.4 102066-04 102066-04.tar.Z
5.4_x86 102064-04 102064-04.tar.Z
The patches can be obtained from local Sun Answer Centers and through
anonymous FTP from ftp.uu.net in the /systems/sun/sun-dist directory. In
Europe, the patches are available from mcsun.eu.net in the /sun/fixes
directory.
The patches are also available through the usual URL on World Wide Web.
Sun is issuing Security Bulletin #129 with details on February 22; the
patches will become available worldwide during the 24 hours to follow.
HTTPd (WWW)
There is a bug in NCSA v1.3 HTTP Web server that allows anyone to execute
commands remotely. The bug is due to overwriting a buffer. Please get the
newest patch from ftp.ncsa.uiuc.edu. More information is available from
http://hoohoo.ncsa.uiuc.edu/docs/patch_desc.html .
Rdist Patches
(Unless you really need rdist, chmod 000 rdist works fine.)
Apollo Domain/OS SR10.3 and SR10.3.5 (Fixed in SR10.4)
a88k PD92_P0316
m68k PD92_M0384
Cray Research, Inc. UNICOS 6.0/6.E/6.1 Field Alert #132 SPR 47600
IBM RS/6000 AIX levels 3005, 2006, 2007, and 3.2 apar ix23738
Patches may be obtained by calling Customer Support at 1-800-237-5511.
NeXT Computer, Inc. NeXTstep Release 2.x
Rdist available on the public NeXT FTP archives.
Silicon Graphics IRIX 3.3.x/4.0 (fixed in 4.0.1) Patches may be obtained via
anonymous ftp from sgi.com in the sgi/rdist directory.
Solbourne OS/MP 4.1A Patch ID P911121003
Sun Microsystems, Inc. SunOS 4.0.3/4.1/4.1.1 Patch ID 100383-06
IP Spoofing Vulnerabilities
IP Spoofing attacks allow an intruder to send packets as if they were coming
from a trusted host and some services based on IP based authenication allow
an intruder to execute commands. Because these packets appear to come from a
trusted host, it may be possible to by-pass firewall security. IP Spoofing
is more detailed in the following papers:
* "Security Problems in the TCP/IP Protocol Suite" by Steve Bellovin. It
is available for ftp from
research.att.com:/dist/internet_security/ipext.ps.Z
* "A Weakness in the 4.2BSD Unix TCP/IP Software," by Robert T. Morris.
It is available for ftp from
research.att.com:/dist/internet_security/117.ps.Z
Some of the services based on IP authenication are:
* Rsh
* Rlogin
* NFS
* NIS
* X Windows
* Services secured by TCP Wrappers access list.
It can help turn off these services especially Rsh and Rlogin.
You can filter out IP spoofed packets with certian routers with the use of
the input filter. Input filter is a feature on the following routers:
* Bay Networks/Wellfleet, version 5 and later
* Cabletron with LAN Secure
* Cisco, RIS software version 9.21 and later
* Livingston
* NSC
TCP Wrapper in conjunction with Identd can help to stop IP spoofing because
then the intruder must not not only spoof the connection to Rsh/Rlogin, they
must spoof the information to identd which is not as trivial.
TCP Wrapper is available on ftp://ftp.win.tue.nl/pub/security/.
3.shar.Z
Identd is available on ftp.lysator.liu.se:/pub/ident/servers
Add the following to TCP Wrappers access list:
ALL: UNKNOWN@ALL: DENY
This will drops all TCP connections where ident lookup fails.
Continue to:
My Books
