
re: COPS Warning message on AIX.4.1.5 (fwd)



Not directly about Linux, but of interest to anyone who is concerned 
about Linux systems security.

---------- Forwarded message ----------
Date: Thu, 5 Nov 98 8:05:53 -0500
From: Charles Macdonald <charles.macdonald@hrdc-drhc.gc.ca>
To: "'FAQ-Maintainers@lists.consensus.com'"
     <FAQ-Maintainers@lists.consensus.com>,
    adsouza@caiso.com
Subject: re: COPS Warning message on AIX.4.1.5

A research challenge so early in the morning! And just one hit on 
Alta-Vista too! (And a trail of three sites to get the information.)

If you look at http://www.cert.org/advisories/index.html
you will find a list of CERT advisories.

For example at
http://www.cert.org/advisories/CA-91.19.AIX.TFTP.Daemon.vulnerability.html
there is the CA 91-19 report on a possible hole in TFTPD on AIX.

Looking for the info on the cops program it seems that it checks your
system against the list of problems that CERT has found (just using file
dates) and so flags any files that should be checked.

Just for anyone who is not following, (8->) here is the key info I found 
on my way to the above info....

<Snippet 1> COPS (The Computer Oracle and Password System)

      COPS is a publicly available collection of programs that attempt to
      identify security problems in a UNIX system. COPS does not attempt to
      correct any discrepancies found; it simply produces a report of its
      findings. COPS is available by anonymous FTP from 

              info.cert.org:/pub/tools/cops 
<snippet2>
..... dates of CERT advisories vs. key files. This checks the dates that
 various bugs and security holes were reported by CERT against the
 actual date on the file in question.  A positive result doesn't
 always mean that a bug was found, but it is a good indication that
 you should look at the advisory and file for further clues.  A
 negative result, obviously, does not mean that your software has no
 holes, merely that it has been modified in SOME way (perhaps merely
 "touch"'ed) since the advisory was sent out.
<end of snippets>

Of course Austin, now that everyone knows that there is a possibility of a
hole in a system, you really should get the patches 8->>
-------------
Original Text
From: "D'Souza, Austin" <ADSouza@caiso.com>, on 98/11/04 04:40 PM:
To: INET["'FAQ-Maintainers@lists.consensus.com'"
<FAQ-Maintainers@lists.consensus.com>]

When I run the cops report every day on my AIX 4.1.5 server, at the end of
the cops report I get the following warning.
Can anyone help me in solving this problem?

The warning message is below:
Warning!/usr/lib/sendmail could have a hole/bug!  (CA-88:01)
Warning!/bin/login could have a hole/bug!  (CA-89:01)
Warning!/etc/ftpd could have a hole/bug!  (CA-89:01)
Warning!/etc/fingerd could have a hole/bug!  (CA-89:01)
Warning!/usr/ucb/rdist could have a hole/bug!  (CA-91:20)
Warning!/etc/tftpd could have a hole/bug!  (CA-91:19)

My email id is adsouza@caiso.com

Thanks
Austin D'souza
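
The date check that the COPS snippet quoted in this thread describes, sketched in Python as an added example (not code from COPS or from either poster). The advisory IDs are those in the quoted report; the advisory dates and file times are constructed placeholders, and `check_dates` and `demo` are hypothetical names.

```python
import os
import tempfile
from datetime import datetime, timezone

UTC = timezone.utc
# Three of the files and advisory IDs from the quoted report. The dates are
# constructed placeholders (end of the year in the ID), not CERT's real dates.
ADVISORIES = {
    "usr/lib/sendmail": ("CA-88:01", datetime(1988, 12, 31, tzinfo=UTC)),
    "etc/tftpd": ("CA-91:19", datetime(1991, 12, 31, tzinfo=UTC)),
    "usr/ucb/rdist": ("CA-91:20", datetime(1991, 12, 31, tzinfo=UTC)),
}


def check_dates(root, advisories=ADVISORIES):
    """Return a warning for each file last modified before its advisory."""
    warnings = []
    for rel, (adv_id, adv_date) in sorted(advisories.items()):
        path = os.path.join(root, rel)
        try:
            mtime = os.stat(path).st_mtime
        except FileNotFoundError:
            continue  # program not installed: nothing to flag
        if mtime < adv_date.timestamp():
            warnings.append(f"Warning!/{rel} could have a hole/bug!  ({adv_id})")
    return warnings


def demo():
    """Build a throwaway tree and show a hit, a miss and the 'touch' caveat."""
    old = datetime(1990, 6, 1, tzinfo=UTC).timestamp()  # constructed mtime
    with tempfile.TemporaryDirectory() as root:
        for rel in ADVISORIES:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
            os.utime(full, (old, old))
        before = check_dates(root)
        # Same bytes, new timestamp: the warning goes away, a bug would not.
        os.utime(os.path.join(root, "etc/tftpd"))
        after = check_dates(root)
    return before, after


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

A warning from this kind of check is a prompt to read the advisory and confirm the vendor patch level; the absence of one only says the file's timestamp is newer than the advisory.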