
re: COPS Warning message on AIX.4.1.5 (fwd)




yep, it's a well-known behavior of the tftpd. to restrict tftp access
to certain files and dirs you may edit the /etc/tftpaccess.ctl file.

if you don't have it, copy it from /usr/samples/tcpip/tftpaccess.ctl.



On Thu, 5 Nov 1998, Omer Zak wrote:

> Not directly about Linux, but of interest to anyone who is concerned 
> about Linux systems security.
> 
> ---------- Forwarded message ----------
> Date: Thu, 5 Nov 98 8:05:53 -0500
> From: Charles Macdonald <charles.macdonald@hrdc-drhc.gc.ca>
> To: "'FAQ-Maintainers@lists.consensus.com'"
>      <FAQ-Maintainers@lists.consensus.com>,
>     adsouza@caiso.com
> Subject: re: COPS Warning message on AIX.4.1.5
> 
> A research challenge so early in the morning! And just one hit on 
> Alta-Vista too! (and a trail of three sites to get the information)
> 
> if you look at http://www.cert.org/advisories/index.html
> you will find a list of CERT advisories..
> 
> For example at
> http://www.cert.org/advisories/CA-91.19.AIX.TFTP.Daemon.vulnerability.html
> there is the CA 91-19 report on a possible hole in TFTPD on AIX.
> 
> Looking for the info on the cops program it seems that it checks your
> system against the list of problems that CERT has found (just using file
> dates) and so flags any files that should be checked.
> 
> Just for anyone who is not following, (8->) here is the key info I found 
> on my way to the above info....
> 
> <Snippet 1> COPS (The Computer Oracle and Password System)
> 
>       COPS is a publicly available collection of programs that attempt to
>       identify security problems in a UNIX system. COPS does not attempt to
>       correct any discrepancies found; it simply produces a report of its
>       findings. COPS is available by anonymous FTP from
> 
>               info.cert.org:/pub/tools/cops 
> <snippet2>
> ..... dates of CERT advisories vs. key files. This checks the dates that
>  various bugs and security holes were reported by CERT against the
>  actual date on the file in question.  A positive result doesn't
>  always mean that a bug was found, but it is a good indication that
>  you should look at the advisory and file for further clues.  A
>  negative result, obviously, does not mean that your software has no
>  holes, merely that it has been modified in SOME way (perhaps merely
>  "touch"'ed) since the advisory was sent out.
> <end of snippets>
> 
> Of course Austin, now that everyone knows that there is a possibility of a
> hole in a system, you really should get the patches 8->>
> -------------
> Original Text
> From: "D'Souza, Austin" <ADSouza@caiso.com>, on 98/11/04 04:40 PM:
> To: INET["'FAQ-Maintainers@lists.consensus.com'"
> <FAQ-Maintainers@lists.consensus.com>]
> 
>  When I run the cops report every day on my AIX 4.1.5 server, at the end of
> the cops report I get the following warning.
> Can anyone help me in solving this problem?
> 
> The warning message is below:
> Warning!/usr/lib/sendmail could have a hole/bug!  (CA-88:01)
> Warning!/bin/login could have a hole/bug!  (CA-89:01)
> Warning!/etc/ftpd could have a hole/bug!  (CA-89:01)
> Warning!/etc/fingerd could have a hole/bug!  (CA-89:01)
> Warning!/usr/ucb/rdist could have a hole/bug!  (CA-91:20)
> Warning!/etc/tftpd could have a hole/bug!  (CA-91:19)
> 
> My email id is adsouza@caiso.com
> 
> Thanks
> Austin D'souza
> 
> 
> 
> 
> 
> 

--Eli
+--------------------------------------------------------------------+
| Eli Beker                             http://www.ibm.net.il/~beker |
| Unix System Admin.                    beker@ibm.net.il             |
| IBM Global Networking - IBM Israel    Vnet: LBE at TELVM1          |
| Phone : +972-3-6978687                Fax   : +972-3-6978115       | 
+--------------------------------------------------------------------+
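
The date comparison described in the quoted COPS snippet (advisory date against the file's modification time) can be sketched as below, including the "touch" case the snippet warns about. This is an added example, not part of the original messages and not COPS's own code; the advisory dates are constructed placeholders and the checked file is a temporary stand-in.

```python
import os
import tempfile
from datetime import datetime, timezone

# Advisory id -> cutoff date. The ids come from the report quoted above; the
# dates are constructed placeholders, not the real CERT release dates.
ADVISORY_DATES = {
    "CA-91:19": datetime(1991, 10, 1, tzinfo=timezone.utc),
    "CA-91:20": datetime(1991, 11, 1, tzinfo=timezone.utc),
}


def check_file(path, advisory_id, advisories=ADVISORY_DATES):
    """Return a warning string if `path` predates the advisory, else None.

    Only the modification time is inspected, so a None result says the file
    changed after the advisory, not that it was patched.
    """
    try:
        mtime = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
    except FileNotFoundError:
        return None  # binary not installed: nothing to flag
    if mtime < advisories[advisory_id]:
        # Message shaped like the report lines quoted above.
        return f"Warning!  {path} could have a hole/bug!  ({advisory_id})"
    return None


def demo():
    """Run the check on one constructed file before and after a touch."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tftpd")          # stand-in, not a real daemon
        with open(path, "wb") as f:
            f.write(b"unpatched binary\n")
        old = datetime(1990, 6, 1, tzinfo=timezone.utc).timestamp()
        os.utime(path, (old, old))               # file older than the advisory
        before = check_file(path, "CA-91:19")
        os.utime(path, None)                     # same effect as touch(1)
        after = check_file(path, "CA-91:19")
        missing = check_file(os.path.join(d, "rdist"), "CA-91:20")
        return before, after, missing


if __name__ == "__main__":
    for label, result in zip(("old mtime", "after touch", "missing"), demo()):
        print(f"{label:12} -> {result}")
```

The file contents never change between the two checks, so the second, clean result is exactly the false negative the snippet describes; comparing a checksum or the installed fix level against the vendor's patched version closes that gap.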