Specifications

SAFER – Vol. 3, Issue 6 © 2000 The Relay Group
Multiple Linux Vendor pam_console Vulnerability
Released May 03, 2000
Affects RedHat Linux 6.0 up to 6.2
Reference http://www.securityfocus.com/bid/1176
Problem
- pam_console exists to give ownership of certain devices to users logging in at the console of a
Linux machine. It is designed to allow only console users to use things such as sound devices. It
will chown devices to users when they log in, and chown them back to root when they log out.
- However, as certain devices do not have a 'hangup' mechanism, like a tty device, it is possible for
a local user to continue to monitor activity on certain devices after logging out. This could allow a
malicious user to sniff other users' console sessions, and potentially obtain the root password if the
root user logs in, or a user su's to root. They could also surreptitiously execute commands as the
user on the console.
SAFER
- Exploit code has been released for this problem. A patch should be released soon.
Multiple Vendor Predictable Resolver ID Vulnerability
Released May 03, 2000
Affects GNU glibc 2.0 up to 2.1.3, ISC BIND 8.2 up to 8.2.2 p5
Reference http://www.securityfocus.com/bid/1166
Problem
- A vulnerability exists in the resolver routines supplied with glibc, up to and including 2.1.3. The
glibc resolution routines use information about the time on the machine, together with a process
pid, to generate a random ID. Guessing this information intelligently is fairly easy. This, coupled
with the fact that the resolver routines will discard any non-matching ID, allows for a brute force
guess of the ID.
- The resolver library uses IDs to match replies with its queries. This is the only form of verification
the host has that the return packets are actually from the nameserver it requested information
from. Being able to predict the ID may make it possible to return bogus information, or to perform
a variety of DNS-based attacks.
SAFER
- The real world susceptibility of the resolver to the attacks above has not been demonstrated.
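The following is an added illustration, not code from this advisory or from glibc. It uses a simplified model (an assumption) of a 16-bit ID mixed from seconds, microseconds and pid, and counts how many of the 65,536 possible IDs remain reachable once the clock and pid are known only approximately. The sample time, pid and uncertainty windows are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption, not glibc source): a 16-bit query ID
 * mixed from wall-clock seconds, microseconds and the process ID. */
static uint16_t model_id(uint32_t sec, uint32_t usec, uint32_t pid)
{
    return (uint16_t)((sec ^ usec ^ pid) & 0xffff);
}

/* Count the distinct IDs the model can produce when the second is known,
 * the microsecond lies in [usec_lo, usec_hi] and the pid in [pid_lo, pid_hi].
 * seen[] (65536 bytes) is set to 1 for every reachable ID. */
static unsigned candidate_ids(uint32_t sec,
                              uint32_t usec_lo, uint32_t usec_hi,
                              uint32_t pid_lo, uint32_t pid_hi,
                              uint8_t *seen)
{
    unsigned count = 0;
    memset(seen, 0, 65536);
    for (uint32_t u = usec_lo; u <= usec_hi; u++)
        for (uint32_t p = pid_lo; p <= pid_hi; p++) {
            uint16_t id = model_id(sec, u, p);
            if (!seen[id]) { seen[id] = 1; count++; }
        }
    return count;
}

/* Constructed sample values for a resolver start-up time and pid. */
#define SAMPLE_SEC  957312000u
#define SAMPLE_USEC 482113u
#define SAMPLE_PID  1337u

static uint8_t seen_ids[65536];

int main(void)
{
    uint16_t actual = model_id(SAMPLE_SEC, SAMPLE_USEC, SAMPLE_PID);
    /* Assumed uncertainty: 1 ms of clock, 100 possible pids. */
    unsigned n = candidate_ids(SAMPLE_SEC, 482000u, 482999u,
                               1300u, 1399u, seen_ids);
    printf("reachable IDs: %u of 65536 (%.1f%%)\n", n, 100.0 * n / 65536);
    printf("actual ID in reachable set: %s\n", seen_ids[actual] ? "yes" : "no");
    return 0;
}
```

An ID drawn from a cryptographically secure random source leaves all 65,536 values equally likely, so the reachable set cannot be narrowed this way.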
Cisco Router Online Help Vulnerability
Released May 03, 2000
Affects Cisco IOS, Cisco Router
Reference http://www.securityfocus.com/bid/1161
Problem
- Under certain revisions of IOS, multiple Cisco routers have an information leakage vulnerability in
their online help systems. In essence, this vulnerability allows users who currently have access to
the router at a low level of privilege (users without access to the 'enable' password) to use the help
system to view information which should, in theory, only be available to an 'enabled' user.
- This information includes access lists, among other things. The help system itself does not list
these items as being available via the 'show' commands, yet it will nonetheless execute them.
SAFER
- Cisco's Product Security Incident Response Team has confirmed the issue and approved the
recommended workaround.