[17489] in bugtraq

Cyberguard FW Silliness

daemon@ATHENA.MIT.EDU (phzy@ANTIPLUR.COM)
Sat Nov 4 02:32:02 2000

Message-Id:  <200011032324.SAA09161@tlink.net>
Date:         Fri, 3 Nov 2000 18:24:17 -0500
Reply-To: phzy@ANTIPLUR.COM
From: phzy@ANTIPLUR.COM
X-To:         bugtraq@security-focus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Hey guys,

Not an extremely huge issue, however one I think worth noting.
Cyberguard claims that their FW software runs atop 'hardened'
versions of SCO/Unixware (comes bundled w/ the FW package).
However, on a default installation of
the latest version of the Cyberguard FW on SCO, there are a number
of silly permissions on various critical files/directories:

drw-rw-rw- /etc/security/firewall/cm
drw-rw-rw- /etc/security/firewall/cm-defaults
-rw-rw-rw- /etc/.device.tab.lock
drwxrwxrw- /etc/conf/pack.d/ktrc
-rw-rw-rw- /etc/iaf/cr1/.kmpipe
-rw-rw-rw- /etc/scsi/dtab.out
-rw-rw-rw- /etc/wsinit.err
-rw-rw-rw- /usr/X/lib/fs/fs-errors
-rwxrwxrwx /usr/X/desktop/Help_Desk
-rw-rw-rw- /var/adm/log/routes
-rw-rw-rw- /var/adm/log/qhap.log
-rw-rw-rw- /var/adm/sa/*
-rw-rw-rw- /var/adm/spellhist
-rw-rw-rw- /var/adm/unixtsa.log
drwxrwxrwx /var/sadm/dist
drwxrwxrwx /var/content/*
-rw-rw-rw- /var/audit/1018_list
-rw-rw-rw- /dev/X/xfont.7000
-rw-rw-rw- /tmp/.scopty
-rw-rw-rw- /opt/QUALha/dev/ifs/*

Of course, the obvious symlink/race conditions apply w/ the temp files
listed above.

When Cyberguard was notified that their 'hardened' OS is not quite
as 'hardened' as originally thought, they stated that we would be
performing the configuration changes at our own risk and will
discontinue our support due to our 'custom', 'uncertified'
FW installation. However, they would gladly
send out a consultant at a cost of $15,000 to audit and certify our
'custom' configuration. HEH!

- phzy



--
Sent with Antiplur webmail: http://webmail.antiplur.com
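
An audit for the class of permissions listed in the post above, as an added example that is not part of the original message or of any vendor tooling. The function name audit_world_writable and the FILE / DIR-STICKY / DIR-NOSTICKY labels are hypothetical; it assumes a POSIX sh and find.

```shell
#!/bin/sh
# Added example: report world-writable files and directories under the
# given roots (for instance /etc /var /opt on a freshly installed host).
#
# Output, one finding per line: "<KIND> <path>"
#   FILE          regular file writable by "other"
#   DIR-STICKY    world-writable directory with the sticky bit (like /tmp)
#   DIR-NOSTICKY  world-writable directory without the sticky bit, where any
#                 user can rename or replace entries owned by someone else
#
# find does not follow symlinks by default, so a link that merely points at
# a world-writable file is not reported twice; -xdev keeps the scan on one
# filesystem.
audit_world_writable() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev -type f -perm -0002 -print | sed 's/^/FILE /'
        find "$root" -xdev -type d -perm -0002 -perm -1000 -print |
            sed 's/^/DIR-STICKY /'
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/DIR-NOSTICKY /'
    done
}

# When run as a script with arguments: print findings and exit non-zero if
# there are any, so the check can gate a build or run from cron.
if [ "$#" -gt 0 ]; then
    findings=$(audit_world_writable "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
fi
```

Run as root so find can descend into every directory; comparing the output before and after a vendor install shows which entries the package itself introduced.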
