[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: [cobalt-users] BIND & ProFTPD

Subject: [cobalt-security] Re: [cobalt-users] BIND & ProFTPD
From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
Date: Sat, 10 Feb 2001 17:37:12 -0600
Organization: anonymous
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thu, 8 Feb 2001 13:00:06 -0800, Rene Hendrix <rhendrix@xxxxxxx> wrote:

:>G'Afternoon.
:>
:>We here at Cobalt wanted to assure you that we are doing everything
:>possible to get .pkg's out the door for the recent BIND exploit as
:>well as the recent ProFTPD response to several security holes.

[snip]

:>ProFTPD:

[snip]

:> mips w/o PAM: (RaQ1, Qube2)
:> ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/proftpd-1.2.0rc3-C1-NOPAM.mips.rpm
:>
:>As always, the RPMS are experimental and upsupported until the
:>official pkg is release and posted.
:>
:>If you have any questions about these upgrades, please contact me
:>at rhendrix@xxxxxxx

Why is it NOPAM for the Qube2?

I am a bit reluctant to install the Qube2 rpm since my system has a ton of pam
stuff:

/etc/pam.conf
/etc/pam.d
/etc/pam.d/ftp
/etc/pam.d/imap
/etc/pam.d/other
/etc/pam.d/ppp
/etc/pam.d/rexec
/etc/pam.d/rlogin
/etc/pam.d/rsh
/etc/pam.d/sshd
/etc/pam.d/su
/etc/security/pam_env.conf
/lib/libpam.so
/lib/libpam.so.0
/lib/libpam.so.0.64
/lib/libpam_misc.a
/lib/libpam_misc.so
/lib/libpam_misc.so.0
/lib/libpam_misc.so.0.64
/lib/security/pam_access.so
/lib/security/pam_cracklib.so
/lib/security/pam_deny.so
/lib/security/pam_env.so
/lib/security/pam_filter.so
/lib/security/pam_ftp.so

[snip] -- the /lib/security and /usr/include/security files are dated 20 Aug
1998

/sbin/pamconfig
/sbin/pam_filter
/sbin/pam_filter/upperLOWER
/usr/include/security/pam_appl.h
/usr/include/security/pam_filter.h
/usr/include/security/pam_misc.h
/usr/include/security/pam_modules.h
/usr/include/security/_pam_compat.h
/usr/include/security/_pam_macros.h
/usr/include/security/_pam_types.h
[admin@vanecek security]$ 

[admin@vanecek security]$ d /etc/pam.d
total 14
drwxr-xr-x   2 root     root         1024 Nov 23 03:53 ./
drwxr-xr-x  32 root     root         4096 Feb  2 09:06 ../
-rw-r--r--   1 root     root          283 Nov 11 12:46 ftp
-rw-r--r--   1 root     root          116 Nov  4  1998 imap
-rw-r--r--   1 root     root          210 Aug 20  1998 other
-rw-r--r--   1 root     root          155 Jan 25  1999 ppp
-rw-r--r--   1 root     root          216 Nov 16  1997 rexec
-rw-r--r--   1 root     root          429 Nov 16  1997 rlogin
-rw-r--r--   1 root     root          204 Nov 16  1997 rsh
-rw-r--r--   1 root     root          410 Nov 23 03:54 sshd
-rw-r--r--   1 root     root          284 Feb  6  1998 su

References:
- [cobalt-security] BIND & ProFTPD
  - From: Rene Hendrix

Prev by Date: [cobalt-security] bind updates running as root
Next by Date: [cobalt-security] BindView advisory: sshd remote root (bug in deattack.c) (fwd)
Previous by thread: [cobalt-security] Re: [cobalt-users] BIND & ProFTPD
Next by thread: [cobalt-security] Re: [cobalt-users] BIND & ProFTPD

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index