re: COPS Warning message on AIX.4.1.5 (fwd)
yep, it's a well known behavior of the tftpd. to restrict tftp access
to certain files and dirs you may edit the /etc/tftpaccess.ctl file.
if you don't have it, copy it from /usr/samples/tcpip/tftpaccess.ctl.
On Thu, 5 Nov 1998, Omer Zak wrote:
> Not directly about Linux, but of interest to anyone who is concerned
> about Linux systems security.
>
> ---------- Forwarded message ----------
> Date: Thu, 5 Nov 98 8:05:53 -0500
> From: Charles Macdonald <charles.macdonald@hrdc-drhc.gc.ca>
> To: "'FAQ-Maintainers@lists.consensus.com'"
> <FAQ-Maintainers@lists.consensus.com>,
> adsouza@caiso.com
> Subject: re: COPS Warning message on AIX.4.1.5
>
> A research challenge so early in the morning! and just one hit on
> Alta-Vista too! (and a trail of three sites to get the information)
>
> if you look at http://www.cert.org/advisories/index.html
> you will find a list of CERT advisories.
>
> For example at
> http://www.cert.org/advisories/CA-91.19.AIX.TFTP.Daemon.vulnerability.html
> there is the CA 91-19 report on a possible hole in TFTPD on AIX.
>
> Looking for the info on the cops program it seems that it checks your
> system against the list of problems that CERT has found (just using file
> dates) and so flags any files that should be checked.
>
> Just for anyone who is not following, (8->) here is the key info I found
> on my way to the above info....
>
> <Snippet 1> COPS (The Computer Oracle and Password System)
>
> COPS is a publicly available collection of programs that attempt to
> identify security problems in a UNIX system. COPS does not attempt to
> correct any discrepancies found; it simply produces a report of its
> findings. COPS is available by anonymous FTP from
>
> info.cert.org:/pub/tools/cops
> <snippet2>
> ..... dates of CERT advisories vs. key files. This checks the dates that
> various bugs and security holes were reported by CERT against the
> actual date on the file in question. A positive result doesn't
> always mean that a bug was found, but it is a good indication that
> you should look at the advisory and file for further clues. A
> negative result, obviously, does not mean that your software has no
> holes, merely that it has been modified in SOME way (perhaps merely
> "touch"'ed) since the advisory was sent out.
> <end of snippets>
>
> Of course Austin, now that everyone knows that there is a possibility of a
> hole in a system, you really should get the patches 8->>
> -------------
> Original Text
> From: "D'Souza, Austin" <ADSouza@caiso.com>, on 98/11/04 04:40 PM:
> To: INET["'FAQ-Maintainers@lists.consensus.com'"
> <FAQ-Maintainers@lists.consensus.com>]
>
> When I run the cops report every day on my AIX 4.1.5 server, at the end of
> the cops report I get the following warning.
> Can anyone help me in solving this problem?
>
> The warning message is below:
> Warning!/usr/lib/sendmail could have a hole/bug! (CA-88:01)
> Warning!/bin/login could have a hole/bug! (CA-89:01)
> Warning!/etc/ftpd could have a hole/bug! (CA-89:01)
> Warning!/etc/fingerd could have a hole/bug! (CA-89:01)
> Warning!/usr/ucb/rdist could have a hole/bug! (CA-91:20)
> Warning!/etc/tftpd could have a hole/bug! (CA-91:19)
>
> My email id is adsouza@caiso.com
>
> Thanks
> Austin D'souza
>
--Eli
+--------------------------------------------------------------------+
| Eli Beker http://www.ibm.net.il/~beker |
| Unix System Admin. beker@ibm.net.il |
| IBM Global Networking - IBM Israel Vnet: LBE at TELVM1 |
| Phone : +972-3-6978687 Fax : +972-3-6978115 |
+--------------------------------------------------------------------+
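The date comparison described in the quoted COPS snippet, as an added example that is not part of the original messages and is not COPS's own code: a POSIX shell version of the check, showing why a file that was merely "touch"'ed stops being flagged. The function `check_file`, the value `PLACEHOLDER_DATE` (a constructed timestamp, not the real advisory date) and the stand-in files are assumptions made for the illustration; `mktemp` is assumed to be available.

```shell
#!/bin/sh
# Added illustration of the file-date check described in the quoted COPS text.
# PLACEHOLDER_DATE is a constructed timestamp, not the real CA-91:19 date.
PLACEHOLDER_DATE=199201010000   # touch -t format: CCYYMMDDhhmm

# check_file FILE ADVISORY STAMP
#   0: FILE is not newer than the advisory date; prints a warning
#   1: FILE was modified after the advisory date (no warning)
#   2: FILE does not exist
check_file() {
    file=$1; advisory=$2; stamp=$3
    [ -e "$file" ] || return 2
    ref=$(mktemp) || return 3
    touch -t "$stamp" "$ref"
    # find prints FILE only when its mtime is later than the reference file's
    newer=$(find "$file" -prune -newer "$ref")
    rm -f "$ref"
    if [ -n "$newer" ]; then
        return 1
    fi
    echo "Warning! $file could have a hole/bug! ($advisory)"
    return 0
}

# Constructed demo: two byte-identical stand-ins for a daemon binary, both
# dated before the placeholder advisory date. One is then only "touch"'ed.
demo_dir=$(mktemp -d) || exit 1
printf 'stand-in for an unpatched binary\n' > "$demo_dir/tftpd.orig"
cp "$demo_dir/tftpd.orig" "$demo_dir/tftpd.touched"
touch -t 199001010000 "$demo_dir/tftpd.orig" "$demo_dir/tftpd.touched"
touch "$demo_dir/tftpd.touched"     # new mtime, same content

for f in "$demo_dir/tftpd.orig" "$demo_dir/tftpd.touched"; do
    check_file "$f" "CA-91:19" "$PLACEHOLDER_DATE" || echo "No warning for $f"
done

# The touched copy escaped the warning although its content never changed.
if cmp -s "$demo_dir/tftpd.orig" "$demo_dir/tftpd.touched"; then
    echo "tftpd.touched is byte-identical to tftpd.orig"
fi
rm -rf "$demo_dir"
```

A modification time only says when the file was last written, so confirming a patch level needs a content or version check rather than the date alone.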