Intrusion Detection Systems mailing list archives

Re: Who knows the BUGs or Backdoors of SunOS 5.6 ?


From: lamb_donald () bah com (Lamb Donald)
Date: Thu, 11 Nov 1999 16:23:33 -0500


I would look at http://www.securityfocus.com for security vulnerabilities (there
are several other sites as well).  Oftentimes not all have patches to correct the
problem.  Ensure that you have installed all released patches that apply to your
operating environment!  I would also look at the inetd.conf file in /etc for
enabled exploitable services (tftp and the "r" commands immediately come to mind).
Changing account passwords and restricting access to suid and sgid executables
would also be highly encouraged.  Unless Sun has changed their philosophy, remote
login by root is enabled (#CONSOLE=/dev/console disables the command; removing the
"#" will prevent remote login to another host as root).  Although I would not
recommend allowing remote login by root, I do not consider it a backdoor.  Sun has
published some security guidelines.  I believe it is still available at
http://sunsolve.sun.com.  I hope it helps.  Take care.

Don

ColFlagg () chubb com wrote:

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
------------------------------------------------------------------------------

By default, SunOS 5.6 restricts root logins to the console.  It is a common
security practice to leave this as is.  However, if you don't care you can edit
the following file:

/etc/default/login

     # To allow root login from anywhere comment out the following line:
     CONSOLE=/dev/console

I am not sure about the anonymous thing.  Again, I think it is a default.  Good
Luck

Jim Lemieux

snow_man <snow_man () cmmail com> on 11/08/99 12:19:32 AM

Please respond to snow_man () cmmail com

 To:      "ids () uow edu au" <ids () uow edu au>
 cc:      (bcc: ColFlagg/ChubbMail)
 Subject: IDS: Who knows the BUGs or Backdoors of SunOS 5.6 ?


Who knows the BUGs or Backdoors of SunOS 5.6?
Its "root" and "anonymous" cannot be logged in outside its keyboard.

end
quit
   From :  snow_man () cmmail com
-----------------------------------------
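
The checks suggested in the replies above (tftp and "r" services enabled in inetd.conf, the CONSOLE= line in /etc/default/login, suid/sgid executables) can be scripted as below. This is an added example, not part of the original thread; the function names, the inetd service names shell/login/exec for the "r" commands, and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the inetd.conf names shell/login/exec for the "r" commands
# are an assumption, and the sample files in demo() are constructed.

# Print enabled (uncommented) inetd services among tftp and the "r" commands.
risky_inetd_services() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank and commented-out lines
        $1 ~ /^(tftp|shell|login|exec)$/ { print $1 }
    ' "$1" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Exit 0 when the login defaults file has an active CONSOLE= line,
# meaning root logins are restricted to the console.
root_console_only() {
    grep -Eq '^[[:space:]]*CONSOLE=' "$1"
}

# List set-uid and set-gid regular files under a directory for review.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
ftp    stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
#tftp  dgram  udp wait   root /usr/sbin/in.tftpd   in.tftpd -s /tftpboot
shell  stream tcp nowait root /usr/sbin/in.rshd    in.rshd
login  stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
EOF
    printf '#CONSOLE=/dev/console\n' > "$d/login"
    echo "risky inetd services: $(risky_inetd_services "$d/inetd.conf")"
    if root_console_only "$d/login"; then
        echo "root login: console only"
    else
        echo "root login: not restricted to console"
    fi
    echo "set-id files under $d: $(list_setid "$d" | wc -l)"
    rm -rf "$d"
}
demo
```

On a live host the functions take /etc/inetd.conf, /etc/default/login and a directory such as /usr as arguments; the set-id listing is a starting point for review, not a verdict on any file.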
