Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: CPSN 9:971208: Solaris /var Permission Problems

CPSN 9:971208: Solaris /var Permission Problems

From: CPIO Advisory Role Account <advisory_at_CORINNE.CPIO.ORG>
Date: Mon, 12 Jan 1998 15:56:18 -0800

     **************** CPIO Security Notice ****************
     Issue Number 9: 971208
     Topic: Solaris /var Permission problems
     Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
     Severity: Common Sense Caution
                **** http://www.darpanet.net ****

Both Solaris 2.5.1 and Solaris 2.6 leave remarkably exploitable
permissions on files and directories in /var after a default install.
After patch installs, many of these highly insecure permissions still
exist. Others may have noticed this behaviour, but no one at CPIO has
yet seen it summarized or published. As a result, few administrators
seem to be aware of this problem. There are public-domain scripts
that fix at least some of the permissions in question.

Careful examination of both operating systems (running find(1) :) )
on sun4c, sun4m, and sun4u platforms yielded the following results.
Solaris for x86 platforms may be similarly affected. After checking
all machines with the same set of commands, we have found the
following permission problems with these files:

Solaris 2.5.1:
        /var/adm/vold.log (mode 666, root:root)
        /var/adm/spellhist (mode 666, bin:bin)
        /var/adm/messages (mode 666, root:other) NOTE: this is the
                                first set of permissions on this
                                file. newsyslog fixes this during
                                the archive process.
        /var/adm/log/asppp.log (mode 666, root:root)
        /var/news (directory, mode 777, bin:bin)
        /var/log/syslog (mode 666, root:other) On initial install,
                                this is 664, but when rolled over,
                                becomes 666. Patch 104613 fixes this.
        /var/log/sysidconf.log (mode 777, root:other)
        /var/sadm/install/.pkg.lock (mode 666, root:root)
        /var/spool/lp/fifos/FIFO (mode 666, lp:lp)
        /var/lp/logs/lpsched (mode 666, root:root)
        /var/lp/logs/lpNet (mode 666, root:root)
        /var/preserve (directory, mode 777, bin:bin)
        /var/spool/pkg (directory, mode 777, bin:bin)

Solaris 2.6:
        /var/adm/vold.log (mode 666, root:root)
        /var/adm/spellhist (mode 666, bin:bin)
        /var/log/sysidconf.log (mode 777, root:other)
        /var/saf/_log (mode 666, root:root)
        /var/dmi/db/1l.comp (mode 666, root:root)
        /var/dmi/db/1l.tbl (mode 666, root:root)
        /var/snmp/snmpdx.st (mode 666, root:root)
        /var/snmp/snmpdx.st.old (mode 666, root:root)

PATCHES AND FIXES

Some patches fix some problems-- patch 104613 fixes the
/var/log/syslog problem on 2.5.1.

In addition, Casper Dik has a program called "fix-modes" which is
available from ftp://ftp.wins.uva.nl/pub/solaris/
This fixes many of the descrepancies detailed here.

CREDITS

Contributed by Gale Pedowitz. Jonathan Katz compiled the final bad
permissions lists.

Gale Pedowitz <gale_at_cpio.org>
Jonathan Katz <jkatz_at_cpio.org>
Received on Jan 12 1998

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos