ISSalert: ISS Security Update

From: Aleph One (aleph1at_private)
Date: Mon Nov 16 1998 - 22:46:27 PST

  • Next message: Glynn Clements: "Re: open() races in general" 

    ---------- Forwarded message ----------
Date: Mon, 16 Nov 1998 13:41:02 -0500 (EST)
From: X-Force <xforceat_private>
To: alertat_private
Cc: X-Force <xforceat_private>
Subject: ISSalert: ISS Security Update

-----BEGIN PGP SIGNED MESSAGE-----

ISS Security Update
November 16th, 1998

This update contains updated patch information for the ISS Security
Advisories "Hidden community string in SNMP implementation" and "BMC
PATROL File Creation Vulnerability"  released on November 2, 1998.

_____

Hidden community string in SNMP implementation

Synopsis:

Internet Security System (ISS) X-Force has discovered a serious
vulnerability in Sun Microsystems(r) Solstice(tm) Enterprise Agent(tm)
and the Solaris operating system.  This SNMP hidden community string is
hard coded into the binary and can not be configured nor is it in the
configuration files.  The hidden Sun SNMP community word is not the same
as the hidden HP SNMP community string.  This vulnerability allows
attackers to execute arbitrary commands with root privileges, manipulate
system parameters, and kill processes.

To determine if you are vulnerable:

Run pkginfo to determine the revision of SEA you are running on your
system.  If you are running SEA 1.0 or 1.0.1 on Solaris 2.4 or 2.5,
disable the agents or upgrade your operating system.  If you are running
2.5.1 or higher you may upgrade to SEA 1.0.3.

SEA 1.0 and 1.0.1 agents will display:

  % pkginfo SUNWmibii
        system      SUNWmibii      Solstice Enterprise Agent SNMP daemon

For SEA 1.0.2:

        % pkginfo SUNWmibii
        system      SUNWmibii      Solstice Enterprise Agents 1.0.2 SNMP daemon

Updated Fix Information:

The patch information initially provided in the November 2nd advisory was
incorrect.  Sun Microsystems advises all its Solaris 2.6, 2.6_x86. 2.5.1,
and 2.5.1_x86 customers to upgrade to Solstice Enterprise Agents
version1.0.3.  This version is available at
http://www.sun.com/solstice/products/ent.agents. Many system
administrators have no need for host-based SNMP agents. Administrators can
temporarily disable the SNMP daemons by executing the following commands
as root:

# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx

_____

BMC PATROL File Creation Vulnerability

Synopsis:

Internet Security Systems (ISS) X-Force has discovered a vulnerability in
BMC Software PATROL(r) network management software.  PATROL contains a
vulnerability that may allow local attackers to compromise root access.
The agent creates insecure temporary files that may lead to a symbolic
link attack.

Updated Fix Information:

BMC has made a patch available for this vulnerability.  BMC recommends
that its customers upgrade to PATROL Agent version 3.2.07, released
September 21, 1998.

How to download version 3.2.07 PATROL Agent for Unix patch from the web:
1.      Go to http://www.bmc.com/
2.      Choose Support.
3.      Choose Log in to Support. The Enter Network Password windowappears.
4.      Enter your User name and Password.
5.      Click on "P." Then choose PatrolAgent for Unix.
6.      In the "Latest Version: 3.2.07" section, click Product Fixes Available.
7.      A list of target types appears. For the appropriate target type,click
        the corresponding link to start downloading the file.
8.      A File Download dialog requests what you would want to do with the file.
        Choose to save the file to disk.
9.      Specify where to save the file on your hard disk.
10.     For instructions on how to install the patch, click the hypertext link
        to PTRL327.readme.

Note: Depending on the browser, the name of the patch file might be
different from the name specified in the PTRL327.readme.  For example,
using Netscape Navigator on Windows NT, the file name ends in "_tar" instead
of ".tar.Z".

_____

Copyright (c) 1998 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this alert
electronically.  It is not to be edited in any way without express consent
of X-Force.  If you wish to reprint the whole or any part of this alert in
any other medium excluding electronic medium, please e-mail xforceat_private
for permission.

Disclaimer
The information within this paper may change without notice.  Use of this
information constitutes acceptance for use in an AS IS condition.  There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is
at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html
aswell as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to:
X-Force <xforceat_private> of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNlBiZTRfJiV99eG9AQF+IgQAu1uN+oVSlCiWWxwS14nv2/KkLZ6inukx
179R/OFDYUB2B14SmgE5x29M6+EHX2ap1e72bPJzYWLmk3LJi8N8f7gdQFsqTF3j
xuUTHrKrgIuyS+YNYEhXWSg76zf7T/kqrTyNbuUV0mSu4vlI+QuRDw3dJNWrumnQ
Q4cudw+veok=
=gJ5c
-----END PGP SIGNATURE-----

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:39 PDT