[101] in Intrusion Detection Systems
Mail failure
daemon@ATHENA.MIT.EDU (Adminstrator)
Thu May 11 21:04:52 1995
From: POSTMASTER@smtpgate.gstone.com (Adminstrator)
To: ids@UOW.EDU.AU
Date: Wed, 10 May 1995 19:00:56 -0900
Reply-To: ids@uow.edu.au
Date: Tue, 4 Apr 1995 23:39:31 -0700
From: Mark.Graff@Eng.Sun.COM ( Mark Graff )
To: cws@liberty.Eng.Sun.COM
Subject: Sun Security Bulletin #130
Precedence: junk
Reply-To: security-alert@Sun.COM
X-Sun-Charset: US-ASCII
-----------------------------------------------------------------------------
SUN MICROSYSTEMS SECURITY BULLETIN: #00130, 4 April 1995
-----------------------------------------------------------------------------
BULLETIN TOPICS
In this bulletin Sun discusses the potential impact of the release of
"SATAN", a public domain software package which probes UNIX systems for
security holes. We also include here a list of available security
patches for each supported SUNOS release, and a set of procedures we
recommend to help protect Sun systems against external attack.
SATAN is expected to be released at 8:00am EST tomorrow, 5 April 1995.
This package is the same one discussed in the recent CERT bulletin
CA-95:06.
I. Discussion of SATAN's potential impact on customer systems.
II. List of currently available Sun security patches.
III. Set of recommended security procedures.
APPENDICES
A. How to obtain Sun security patches
B. How to report or inquire about Sun security problems
C. How to obtain Sun security bulletins
/\ Send Replies or Inquiries To:
\\ \
\ \\ / Mark Graff
/ \/ / / Sun Security Coordinator
/ / \//\ MS MPK3
\//\ / / 2550 Garcia Avenue
/ / /\ / Mountain View, CA 94043-1100
/ \\ \ Phone: 415-688-9081
\ \\ Fax: 415-688-9764
\/ E-mail: security-alert@Sun.COM
-----------
Permission is granted for the redistribution of this Bulletin for
the purpose of alerting Sun customers to problems, as long as the
Bulletin is not edited and is attributed to Sun Microsystems.
Any other use of this information without the express written consent
of Sun Microsystems is prohibited. Sun Microsystems expressly disclaims
all liability for any misuse of this information by any third party.
-----------------------------------------------------------------------------
SUN MICROSYSTEMS SECURITY BULLETIN: #00130, 4 April 1995
-----------------------------------------------------------------------------
I. Discussion of SATAN's potential impact
Many people have asked for our evaluation of the package. What can
it do? How will it be used? What steps, if any, should
administrators of Sun systems take in reaction to the software's
release? Our answers here are based on our study of a pre-release
version made available to UNIX vendors last month.
A. What can it do?
SATAN provides a new and easy way to test UNIX systems for the
presence of several well-known security holes. None of the
problems probed for are new. Each one (in the version we have
seen) has already been discussed in previous CERT and Sun bulletins
and each can be countered either by installing the appropriate
patch or fixing a system configuration flaw. SATAN does not
introduce a distinct new threat to UNIX systems.
B. How will it be used?
Its authors, free-lance programmers Dan Farmer of the U.S. and
Wietse Venema of the Netherlands, intend SATAN as a protective tool
for system and network administrators. Its simple point-and-click
interface and broad distribution, however, make it likely that
SATAN will also be used to locate vulnerable systems for malicious
reasons.
C. What steps should system administrators take?
Sun recommends that customers:
1. Install all available security patches. A comprehensive list is
included in this bulletin.
2. Tighten up system and network configurations to close the other
security holes probed by SATAN. We have included here a set of
specific recommendations as a guide for your use.
3. Obtain a copy of SATAN and study it. Learn how it can be used
and familiarize yourself with its attacks.
II. List of currently available security patches.
Solaris 1.1 (4.1.3)
===================
Security patches
++++++++++++++++
o 100103-12: [README] SunOS 4.1.3;4.1.3_U1: set file permissions to more
secure mode (9658 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~
o 100272-07: [README] SunOS 4.1.3: Security update for in.comsat. (39489
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100296-04: [README] SunOS 4.1.1, 4.1.2, 4.1.3: netgroup exports to world
(40128 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~
o 100305-15: [README] SunOS 4.1.1, 4.1.2, 4.1.3: lpr Jumbo Patch (507355
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100372-02: [README] * SunOS 4.1.1;4.1.2;4.1.3: tfs and c2 do not work
together (729205 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~
o 100377-19: [README] SunOS 4.1.3: sendmail jumbo patch (216573 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100383-06: [README] SunOS 4.0.3;4.1;4.1.1;4.1.2;4.1.3: rdist security and
hard links enhancement, (123493 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100482-06: [README] SunOS 4.1;4.1.1;4.1.2;4.1.3: ypserv and ypxfrd fix,
plus
DNS fix (670354 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
o 100507-06: [updated] [README] SunOS 4.1.1, 4.1.2, 4.1.3: tmpfs jumbo patch
(62787 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
o 100513-04: [README] * SunOS 4.1.1;4.1.2;4.1.3: Jumbo tty patch (531383
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100564-07: [README] * SunOS 4.1.2, 4.1.3: C2 Jumbo patch (2534211 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100567-04: [README] SunOS 4.1,4.1.1, 4.1.2, 4.1.3: mfree and icmp redirect
security patch (10277 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100593-03: [README] SunOS 4.1.3: Security update for dump. (247471 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100623-03: [README] SunOS 4.1.2;4.1.3: UFS jumbo patch (143981 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100630-02: [README] SunOS 4.1.1, 4.1.2, 4.1.3: SECURITY: methods to exploit
login/su (40552 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~
o 100631-01: [README] SunOS 4.1 4.1.1 4.1.2 4.1.3: env variables can be used
to exploit login (25432 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100890-10: [README] SunOS 4.1.3: domestic libc jumbo patch (3131283 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100891-10: [README] SunOS 4.1.3: international libc jumbo patch (3161107
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~
o 100909-03: [README] SunOS 4.1.1;4.1.2;4.1.3: Security update for syslogd.
(53666 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~
o 101072-02: [README] SunOS 4.1.1;4.1.2;4.1.3: Non-related data filled the
last block tarfile (245215 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101080-01: [README] SunOS 4.1.1 4.1.2 4.1.3: security problem with
expreserve (11790 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~
o 101200-03: [README] SunOS 4.1.3: Breach of security using modload (30894
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~
o 101480-01: [README] SunOS 4.1.1;4.1.2;4.1.3: Security update for in.talkd.
(44653 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
o 101481-01: [README] SunOS 4.1.3: Security update for shutdown. (80997
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101482-01: [README] SunOS 4.1.3, 4.1.2, 4.1.1: Security update for write.
(41407 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~
o 101640-03: [README] SunOS 4.1.3: in.ftpd logs password info when -d option
is used. (142453 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~
o 102023-03: [README] SunOS 4.1.3: Root access possible via forced passwd
race
condition (39521 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~
o 100448-02: [README] OpenWindows 3.0: loadmodule is a security hole. (4460
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
o 100452-68: [README] OpenWindows 3.0: XView 3.0 Jumbo Patch (1690398 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100478-01: [README] OpenWindows 3.0: xlock crashes leaving system open
(58475 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~
Solaris 1.1.1 (4.1.3_U1)
========================
Security patches
++++++++++++++++
o 100103-12: [README] SunOS 4.1.3;4.1.3_U1: set file permissions to more
secure mode (9658 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~
o 101434-03: [README] SunOS 4.1.3_U1: lpr Jumbo Patch (122313 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101436-08: [README] SunOS 4.1.3_U1: patch for mail executable (16166
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101440-01: [README] SunOS 4.1.3_U1: security problem: methods to exploit
login/su (6832 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~
o 101558-04: [README] SunOS 4.1.3_U1: international libc jumbo patch (3134886
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~
o 101579-01: [README] SunOS 4.1.3_U1: Security problem with expreserve for
Solaris 1.1.1 (15231 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~
o 101587-01: [README] SunOS 4.1.3_U1: security patch for mfree and icmp
redirect (12685 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~
o 101621-02: [README] SunOS 4.1.3_U1: Jumbo tty patch (108693 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101665-04: [README] SunOS 4.1.3_U1: sendmail jumbo patch (217621 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101679-01: [README] SunOS 4.1.3_U1: Breach of security using modload (10358
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~
o 101759-02: [README] SunOS 4.1.3_U1: domestic libc jumbo patch (3143334
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 102060-01: [README] SunOS 4.1.3_U1: Root access possible via passwd race
condition (22711 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~
o 100448-02: [README] OpenWindows 3.0: loadmodule is a security hole. (4460
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
o 100452-68: [README] OpenWindows 3.0: XView 3.0 Jumbo Patch (1690398 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 100478-01: [README] OpenWindows 3.0: xlock crashes leaving system open
(58475 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~
Solaris 2.2
===========
Security patches
++++++++++++++++
o 100999-71: [updated] [README] SunOS 5.2: jumbo kernel patch (6918935
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101090-01: [README] SunOS 5.2: fixes security hole in expreserve (34800
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~
o 101301-03: [README] SunOS 5.2: security bug & tar fixes (411973 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101842-01: [README] SunOS 5.2: sendmail jumbo patch - security (196513
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solaris 2.3
===========
Security patches
++++++++++++++++
o 101318-70: [README] SunOS 5.3: Jumbo patch for kernel (includes libc,
lockd)
(9409417 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~
o 101327-08: [README] SunOS 5.3: security and miscellaneous tar fixes (426364
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~
o 101572-03: [README] SunOS 5.3: cron and at fixes (97117 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101582-03: [README] * SunOS 5.3: POINT PATCH: Password aging & NIS+ don't
work (together) (48120 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101615-02: [README] SunOS 5.3: miscellaneous utmp fixes (69639 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101620-01: [README] * SunOS 5.3: keyserv has a file descriptor leak (48740
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~
o 101631-02: [README] SunOS 5.3: kd and ms fixes (125951 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101712-01: [README] SunOS 5.3: uucleanup isn't careful enough when sending
mail (54101 bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~
o 101736-03: [README] * SunOS 5.3: nisplus patch (58635 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101739-07: [README] SunOS 5.3: sendmail jumbo patch - security (218819
bytes)
o
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o 101786-02: [README] * SunOS 5.3: inetd fixes (60339 bytes)
o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------ Message Header Follows ------
Received: from realityone by smtpgate.gstone.com
(PostalUnion/SMTP(tm) v2.1.5c for Windows NT(tm))
id AA-1995Apr05.182754.1024.2738; Wed, 05 Apr 1995 18:27:54 -0900
Received: from wyrm.cc.uow.edu.au by realityone via SMTP
(931110.SGI/930416.SGI.AUTO)
for rschlientz@smtpgate.gstone.com id AA23568; Wed, 5 Apr 95 18:26:39 -0700
Received: (from daemon@localhost) by wyrm.cc.uow.edu.au (8.6.10/8.6.9) id
XAA22183 for ids-outgoing; Wed, 5 Apr 1995 23:37:33 +1000
X-Sender: swift@tamiya.llnl.gov
Message-Id: <aba844830b02100438ef@[128.115.138.237]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 5 Apr 1995 06:04:04 -0700
To: ids@uow.edu.au
From: uncl@llnl.gov (Frank Swift at Home)
Subject: Sun Security Bulletin #130
Sender: owner-ids@uow.edu.au
Precedence: bulk
Reply-To: ids@uow.edu.au
