Re: Cisco Security Advisory: Solaris /bin/log vulnerability

From: Charles M. Richmond (cmrat_private)
Date: Fri Apr 12 2002 - 05:11:59 PDT

Next message: Francesco Pacaccio: "R: MS02-018"

Previous message: Dan Kuykendall: "Re: SQL injection in PHPGroupware"
Maybe in reply to: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Solaris /bin/log vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is not a new vulnerability. Sun put out a patch for this in early
January. It is a bug in the O/S, but given Sun's much more proactive
response, perhaps Cisco is being a somewhat less responsive and a little
too hard on Sun in their notification below. Specifically, one has to
wonder why, Cisco does not refer to the patches from Sun rather than
claim that, "This vulnerability can be mitigated in many cases (not all), 
by limiting interactive logins to trusted hosts using access control list 
(ACL) or other mechanisms such as firewalls."

Has Cisco modified the Solaris /bin/login and is that why they are not
recommending Sun's patch.

Charles Richmond

************************************************************
Summary
=======
This advisory describes a vulnerability that affects Cisco products and
applications that are installed on the Solaris operating system, and is
based on the vulnerabilty of an common service within the Solaris operating
system, not due to a defect of the Cisco product or application. A
vulnerability in the "/bin/login" program was discovered that enables an
attacker to execute arbitrary code under Solaris OS. This vulnerability was
discovered and publicly announced by Internet Security Systems Inc. All
Cisco products and applications that are installed on Solaris OS are
considered vulnerable to the underlying operating system vulnerability,
unless steps have been taken to disable access services such as "bin/login".

We are investigating other Solaris based products.

This vulnerability can be mitigated in many cases (not all), by limiting
interactive logins to trusted hosts using access control list (ACL) or
other mechanisms such as firewalls.

This advisory is available at the 
http://www.cisco.com/warp/public/707/Solaris-bin-login.shtml

Products Affected
=================
All products and all releases that are running on top of Solaris OS are
vulnerable because the vulnerability is within Solaris and not within the
other applications.
...
************************************************************

---
***********************************************************************
*  Charles Richmond    Integrated International Systems Corporation   *
*  cmrat_private   cmrat_private   cmrat_private   http://www.iisc.com   *
*  UNIX Internals, I18N, L10N, X, Realtime Imaging, and  Custom S/W   *
*         131 Bishop's Forest Drive , Waltham , Ma. USA 02452         *
*  (781) 647 2269   FAX (781) 647 3665   Cellular (781) 389 9777      *
***********************************************************************

Next message: Francesco Pacaccio: "R: MS02-018"
Previous message: Dan Kuykendall: "Re: SQL injection in PHPGroupware"
Maybe in reply to: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Solaris /bin/log vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 05:55:41 PDT