
What's vulnerable in Solaris 9 8/03? - Sun Solaris

  1. #1

    What's vulnerable in Solaris 9 8/03?

    A machine that I administer got broken into last night, and a typical
    root kit installed. It was running a fairly standard installation of
    Solaris 9 8/03, with no patches other than the integrated patches.

    What's vulnerable in this OS release? I'm aware of the sshd and
    sendmail openings, but I didn't know they were being exploited.


    --
    -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
    Gary

  2. #2

    Re: What's vulnerable in Solaris 9 8/03?

    In article <bksb5t$gc9$cc.umanitoba.ca>,
    umanitoba.ca (Gary Mills) writes: 

    You mean like 9_Recommended, I assume.

    You are not supposed to : >
    You work at a uni so thats a worst case scenario if there ever was
    one. I work on a very simple security model :
    I assume EVERYTHING is vulnerable. What's not vulnerable now
    can be a nano second later : >
    What you do about it is all about:
    Policy, and available resources (like time and money for example)

    If everything is vulnerable then close down whatever is not
    absolutely necessary in order for the box to do its job...

    Now you are left with what's vulnerable - shell accounts and
    remote exploits. Restrict access. There are plenty of ways:
    tcpwrappers, secure rpcbind, sshd, ip-filter...

    Now you are invulnerable - for < nanosecond : >
    Guest

  3. #3

    Re: What's vulnerable in Solaris 9 8/03?

    Gary Mills wrote: 

    "sadmind" might have been the hole.
    Check the "Security Sun Alerts" at http://sunsolve.sun.com

    You might want to install a firewall such as ipfilter to block
    everything except your trusted hosts.

    Oscar del Rio

  4. #4

    Re: What's vulnerable in Solaris 9 8/03?

    In <utoronto.ca> Oscar del Rio <utoronto.ca> writes:

    Good guess. I just arrived at the same conclusion. Apparently, all
    Solaris 9 machines with /usr/sbin/sadmind running out of /etc/inetd.conf
    are vulnerable to root compromise. There is no fix, other than to
    disable or reconfigure it.

    The intruder did a lot of things to `improve' security on the system,
    most of which were unnecessary, and some of which made the intrusion
    quite noticeable. He did a `chmod 0 /usr/lib/fs/cachefs/cachefsd', for
    example, even though the patch for that one was integrated. Breaking
    `rup' was an obvious sign.

    In my research for recent vulnerabilities, I notice that Sun has a
    T-patch available for Solaris 9 /usr/sbin/in.ftpd. I don't know
    if that buffer overflow is being exploited.

    --
    -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
    Gary
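The remediation the thread converges on, disabling sadmind and the other RPC services the box does not need in /etc/inetd.conf, as an added shell example; it is not code from any poster. It assumes the classic Solaris 9 inetd.conf field layout and works on a constructed sample file rather than a real host's configuration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Solaris 9 style /etc/inetd.conf
# and write a hardened copy with sadmind and other unneeded RPC services
# disabled. The field layout assumed is the classic one:
#   service socket proto wait/nowait user server-program server-args

# Constructed sample resembling Solaris 9 defaults (not a real host's file).
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample of /etc/inetd.conf
ftp          stream  tcp6     nowait  root  /usr/sbin/in.ftpd                   in.ftpd -a
telnet       stream  tcp6     nowait  root  /usr/sbin/in.telnetd                in.telnetd
100232/10    tli     rpc/udp  wait    root  /usr/sbin/sadmind                   sadmind
rstatd/2-4   tli     rpc/udp  wait    root  /usr/lib/netsvc/rstat/rpc.rstatd    rpc.rstatd
rusersd/2-3  tli     rpc/udp  wait    root  /usr/lib/netsvc/rusers/rpc.rusersd  rpc.rusersd
EOF
}

# Comment out every active entry whose server program (field 6) has a
# basename in the given list.  Usage: disable_inetd_services SRC DST name...
disable_inetd_services() {
    src=$1; dst=$2; shift 2
    awk -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }          # keep comments and blanks
        {
            prog = $6; sub(/.*\//, "", prog)             # basename of server program
            if (prog in deny) { print "#disabled# " $0; next }
            print
        }' "$src" > "$dst"
}

# Count active (uncommented) entries for a server program; used to verify.
count_active() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        { prog = $6; sub(/.*\//, "", prog); if (prog == name) c++ }
        END { print c + 0 }' "$1"
}

tmp=${TMPDIR:-/tmp}/inetd.sample.$$
make_sample_inetd_conf "$tmp"
disable_inetd_services "$tmp" "$tmp.hardened" sadmind rpc.rstatd rpc.rusersd
echo "active sadmind entries before: $(count_active "$tmp" sadmind), after: $(count_active "$tmp.hardened" sadmind)"
# On a real host: review the hardened copy, install it as /etc/inetd.conf,
# then signal inetd to reread it (pkill -HUP inetd) and confirm with rpcinfo -p.
rm -f "$tmp" "$tmp.hardened"
```

The same pattern covers the second poster's advice to close everything not needed for the box's job: extend the name list with whatever else rpcinfo -p shows that nobody can justify.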
