[7765] in bugtraq
Security Hole in Axent ESM
daemon@ATHENA.MIT.EDU (dcupp@SNAKEBITE.COM)
Wed Aug 26 21:56:54 1998
Date: Wed, 26 Aug 1998 21:17:01 -0400
Reply-To: dcupp@SNAKEBITE.COM
From: dcupp@SNAKEBITE.COM
To: BUGTRAQ@NETSPACE.ORG
My boss bought Axent ESM and wants me to install it. Before installing it,I noticed it relies on CRC checksums as the mechanism to validate the integrity of the files. This appears to be a major security NO-NO, and even old freeware security packages like Tripwire use stronger algorithms.
On CERT's web site, it is documented in the Intrusion Detection Checklist saying, "Trojan horse programs may produce the same standard checksum and timestamp as the legitimate version. Because of this, the standard UNIX sum(1) command and the timestamps associated with the programs are not sufficient to determine whether the programs have been replaced."
I talked with our Axent contact and he claimed that their file integrity validation could not be compromised by a hacker because Axent has security experts that designed ESM.
Before I install ESM, I would like either make sure their product can't easily be spoofed by hackers because of weak CRC checksums or Axent fix their vulnerability. Maybe other readers on BugTraq will encourage Axent to close up this hole since my
own efforts have fallen on deaf ears.
--
Dan Cupp
System Administrator
UNIX / PERL Ninja!
---------------------------------------------------
Get free personalized email at http://www.iname.com
