[25048] in bugtraq
Re: Cisco Security Advisory: Solaris /bin/log vulnerability
daemon@ATHENA.MIT.EDU (Charles M. Richmond)
Fri Apr 12 08:59:43 2002
Message-Id: <200204121211.IAA23668@koibito.iisc.com>
To: bugtraq@securityfocus.com
Date: Fri, 12 Apr 2002 08:11:59 -0400
From: "Charles M. Richmond" <cmr@iisc.com>
This is not a new vulnerability. Sun put out a patch for this in early
January. It is a bug in the O/S, but given Sun's much more proactive
response, perhaps Cisco is being somewhat less responsive and a little
too hard on Sun in their notification below. Specifically, one has to
wonder why Cisco does not refer to the patches from Sun rather than
claim that, "This vulnerability can be mitigated in many cases (not all),
by limiting interactive logins to trusted hosts using access control list
(ACL) or other mechanisms such as firewalls."
Has Cisco modified the Solaris /bin/login, and is that why they are not
recommending Sun's patch?
Charles Richmond
************************************************************
Summary
=======
This advisory describes a vulnerability that affects Cisco products and
applications that are installed on the Solaris operating system, and is
based on the vulnerability of a common service within the Solaris operating
system, not due to a defect of the Cisco product or application. A
vulnerability in the "/bin/login" program was discovered that enables an
attacker to execute arbitrary code under Solaris OS. This vulnerability was
discovered and publicly announced by Internet Security Systems Inc. All
Cisco products and applications that are installed on Solaris OS are
considered vulnerable to the underlying operating system vulnerability,
unless steps have been taken to disable access services such as "bin/login".
We are investigating other Solaris based products.
This vulnerability can be mitigated in many cases (not all), by limiting
interactive logins to trusted hosts using access control list (ACL) or
other mechanisms such as firewalls.
This advisory is available at the
http://www.cisco.com/warp/public/707/Solaris-bin-login.shtml
Products Affected
=================
All products and all releases that are running on top of Solaris OS are
vulnerable because the vulnerability is within Solaris and not within the
other applications.
...
************************************************************
---
***********************************************************************
* Charles Richmond Integrated International Systems Corporation *
* cmr@iisc.com cmr@acm.org cmr@shore.net http://www.iisc.com *
* UNIX Internals, I18N, L10N, X, Realtime Imaging, and Custom S/W *
* 131 Bishop's Forest Drive , Waltham , Ma. USA 02452 *
* (781) 647 2269 FAX (781) 647 3665 Cellular (781) 389 9777 *
***********************************************************************