TROJAN: netstation.navio-comm.rte 1.1.0.1

From: Ryan McRonald (mcronaldat_private)
Date: Fri Jan 29 1999 - 21:43:51 PST

Next message: The Attitude Adjuster: "Re: NT4 Locking (Was: ole objects in a "secured" environment?)"

Previous message: Thomas: "Re: Mirc 5.5 'DCC Server' hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  While configuring some IBM Network Station 300s I noticed that my /tmp
directory had become NFS exported and world read/writeable!!  I traced
this to one of the configuration scripts that is included in AIX's
netstation.navio-com.rte 1.1.0.1 used for the Navio NC browser.

>From /usr/netstation/bin/Xnav:

1)  Magic number is munged ... pet peeve of mine:

    +1  # @(#)93  1.3 src/nav/aix/Xnav.cpp, navio, 41navio110
    +2  #!/bin/ksh
    +3  #
    ...

2)  This part is somewhat problematic:

   ...
   +98  grep "/tmp" /etc/exports > /dev/null 2>&1
   +99  if [ $? -ne 0 ]; then
  +100          echo "/tmp" >> /etc/exports
  +101          /usr/sbin/exportfs -a
  +102  fi
   ...

The fix:

1) Do you have netstation.navio.comm-rte installed?

  # lslpp -l netstation.navio-comm-rte

2)  Check if /tmp is exported with:

  # exportfs

3) If /tmp is exported run:

  # /usr/sbin/rmnfsexp -d /tmp -B

This emphasizes the importance of running a regular "sanity" security
audits such as satan or ISS.

regards from a long-tine bugtraq lurker,

Ryan



____________________________________________________________________
More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail

Next message: The Attitude Adjuster: "Re: NT4 Locking (Was: ole objects in a "secured" environment?)"
Previous message: Thomas: "Re: Mirc 5.5 'DCC Server' hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:17 PDT