● [转载] [转寄] [转寄] Solaris的telnet服务有安 - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: jjk (Welcome to InstallBBS,Linux!), 信区: InstallBBS
标  题: [转载] [转寄] [转寄] Solaris的telnet服务有安全漏洞
发信站: 荔园晨风BBS站 (Fri Dec 14 21:12:52 2001), 转信

【以下文字转载自 jjk 的信箱】
【原文由 jjk.bbs@bbs.nju.edu.cn 所发表】
发信人: scz (小四), 信区: cnAdmin
标  题: 立即关闭Solaris的telnet服务
发信站: UNIX编程 (2001年12月13日09:38:21 星期四), 转信

攻击程序已经在流传中

Internet Security Systems Security Advisory
December 12, 2001

Buffer Overflow in /bin/login

Synopsis:

ISS X-Force has discovered a serious vulnerability in the "login"
program present in Sun Solaris systems. Login allows users to sign on to
the system by entering a username and password. This vulnerability
allows remote attackers to execute arbitrary commands on a target system
with superuser privilege. Systems are vulnerable to this issue only if
certain types of interactive connections are allowed, such as Telnet or
Rlogin. These services are enabled by default on most platforms. X-Force
has learned that an exploit for this vulnerability has been made public.

Affected Versions:

Sun Microsystems Solaris 8 and earlier

* Note: Additional SysV derived Unix operating systems may or may not be
affected.

Description:

A static buffer overflow vulnerability is present in the Sun Solaris
implementation of "login", otherwise known as "/bin/login" for its
location in the file system. Login is executed to authenticate remote
users as they initiate clear-text terminal connections over a network.
These types of connections are ubiquitous in modern networked
environments.

Login incorrectly handles long environment variables passed to it by
in.telnetd, in.rlogind, or any other similar daemon that operates in
conjunction with login. No local account or special knowledge of the
target is needed to successfully exploit this vulnerability.

There are secure alternatives to using Telnet and Rlogin that are not
vulnerable to this issue. Secure Shell (SSH) implements encrypted
terminal connections, and it is designed to replace insecure protocols
like Telnet and Rlogin. Recent versions of SSH implement their own
version of the login program, and are not vulnerable. However, some
versions of SSH may be configured to interact with login, and may be
vulnerable in this configuration.

Recommendations:

There is no simple workaround for this issue. However, disabling all
default terminal communications services and installing SSH will
eliminate the vulnerability.

ISS X-Force urges that all vulnerable machines are patched as soon as
the vendor releases these updates. This advisory is being released
before patches are available, because the exploit for this vulnerability
has been made public.

Sun Microsystems, Inc.
Sun has reproduced the vulnerability and is testing a fix. Sun T-patches
are now available for this vulnerability. Official patches will soon be
available at the following location:
http://sunsolve.sun.com/securitypatch

ISS RealSecure Network Sensor customers are currently protected from
this vulnerability. Support for this issue was included in X-Press
Update version 3.3 as the "TelnetExcessiveTabs" signature. This
signature will be included in the next RealSecure Server Sensor.

ISS Internet Scanner X-Press Update 6.1 for Internet Scanner version
6.2.1 included support for this issue with the TelnetTabBO check.

ISS BlackICE customers are protected from this vulnerability by the
"2000902 Telnet login name overflow" signature.

Additional Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2001-0797 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

ISS X-Force Database,
http://xforce.iss.net/static/7284.php

CERT Vulnerabilty note,
http://www.kb.cert.org/vuls/id/569272

CERT Advisory,
http://www.cert.org/advisories/CA-2001-34.html

Credits:

This vulnerability was discovered and researched by Mark Dowd of the ISS
X-Force. Internet Security Systems would like to thank Sun Microsystems
and CERT for their prompt response and handling of this vulnerability.

--

            也许有一天，他再从海上蓬蓬的雨点中升起，
            飞向西来，再形成一道江流，再冲倒两旁的石壁，
            再来寻夹岸的桃花。然而，我不敢说来生，也不敢信来生......
※ 来源:·UNIX编程 apue.dhs.org·[FROM: 166.111.168.8] --
※ 转寄:·UNIX编程 apue.dhs.org·[FROM: 202.119.32.102]
--
※ 转载:．南京大学小百合站 bbs.nju.edu.cn．[FROM: dsl.nju.edu.cn]
※ zhch 于 Dec 13 10:07:28 2001 转贴[FROM: dsl.nju.edu.cn]
--
※ 转寄:．南京大学小百合站 bbs.nju.edu.cn．[FROM: 深圳大学BBS]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.146]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店