Sun patches two Solaris holes
InfoWorld | June 5, 2002 10:17 am PT | Sam Costello
Posted on 06/06/2002 3:53:11 PM PDT by Bush2000
SUN MICROSYSTEMS RELEASED a patch that closed two security holes in its Solaris operating system Tuesday. The holes could have allowed an attacker to take control of vulnerable systems.
The vulnerabilities affect the snmpdx and mibiisa agents that are components of versions 2.6, 7 and 8 of the company's Solaris operating system, according to an alert from Sun, in Palo Alto, Calif. The two affected agents both run with root privileges, the highest level of access on systems, and are part of the OS's SNMP (Simple Network Management Protocol) capabilities. The capabilities allow for device configuration and administration. The snmpdx agent monitors SNMP requests and information from the system and forwards relevant information on to mibiisa, Sun said.
The vulnerabilities come in the form of a format string vulnerability in snmpdx and a buffer overflow in mibiisa, Sun said. Both vulnerabilities can be exploited locally and remotely, the company said.
The flaw is mitigated because the vulnerabilities only exist on systems running Sun Solstice Enterprise Master Agent, snmpdx and mibiisa, Sun added.
Patches for the affected operating systems are available at http://sunsolve.sun.com/securitypatch.
TOPICS: Business/Economy; Technical
KEYWORDS: bugs; exploits; solaris; sun; vulnerabilities
I'm shocked, shocked, shocked!
1 posted on 06/06/2002 3:53:11 PM PDT by Bush2000
To: Incorrigible
Somebody please tell Harr: "The emperor is wearing no clothes..."
2 posted on 06/06/2002 3:53:58 PM PDT by Bush2000
To: TomServo
Where, oh, where are all the usual suspects?
3 posted on 06/06/2002 4:03:56 PM PDT by Bush2000
To: Bush2000
Go ahead and gloat, MicroFlaccid Boy. I still wouldn't be caught dead running boxes that treat me like a retarded 6-year-old. Running Sun boxes is a hell of a lot better way to make a living. And it's easier, too -- Sun announces and fixes its vulnerabilities. MicroFlaccid ignores them, then denies them, then eventually patches them.
To: Bush2000
vulnerabilities only exist on systems running Sun Solstice Enterprise Master Agent,
Thanks for the heads-up, but I don't know of anyone using Master Agent. I darn sure don't. Microsoft SQL server also has a vulnerability that I recently found out about, if anyone is running a MS box that has SQL Server on it.
/john
To: wienerdog.com
I still wouldn't be caught dead running boxes that treat me like a retarded 6-year-old.
Why would you need software to confirm that fact? /SARCASM
6 posted on 06/06/2002 4:38:58 PM PDT by Bush2000
To: Bush2000
Ba-da-BING!
7 posted on 06/06/2002 4:39:55 PM PDT by Poohbah
To: JRandomFreeper
Sun Solstice Enterprise Master Agent is not an operating system, but the SNMP daemon. It is started by default on Solaris 8 I know for sure, and I imagine 2.6 and 2.7. If you don't want to patch, here is a workaround for all Solaris freepers:
# /etc/rc3.d/S76snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/s76snmpdx
8 posted on 06/06/2002 4:40:40 PM PDT by garibaldi
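A way to confirm that the workaround in the post above took effect, added here as an example and not part of the original thread. The function names and the optional directory argument are assumptions made for illustration; the script name and /etc/rc3.d path are the ones given in the post.

```shell
#!/bin/sh
# Audit whether the snmpdx workaround from the post above is in place.
# Function names and the directory argument are hypothetical; the
# S76snmpdx script name and /etc/rc3.d default come from the post.

# Print "enabled", "disabled" or "absent" for the snmpdx start script.
# The rc scripts only run files whose names begin with an uppercase S
# (start) or K (kill), so a lowercase s76snmpdx is skipped at boot.
snmpdx_boot_state() {
    rc_dir=${1:-/etc/rc3.d}
    if [ -f "$rc_dir/S76snmpdx" ]; then
        echo enabled
    elif [ -f "$rc_dir/s76snmpdx" ]; then
        echo disabled
    else
        echo absent
    fi
}

# Print the names of the affected agents that are still running.
# Renaming the rc script only changes the next boot, so a live daemon
# means the "stop" step was skipped or did not work.
snmp_agents_running() {
    ps -e -o comm= 2>/dev/null |
        awk -F/ '{ sub(/ +$/, "", $NF) }
                 $NF == "snmpdx" || $NF == "mibiisa" { print $NF }' |
        sort -u
}

# Succeed only when the agent will not start at boot and neither
# snmpdx nor mibiisa is currently running.
snmpdx_workaround_ok() {
    state=$(snmpdx_boot_state "$1")
    running=$(snmp_agents_running)
    [ "$state" != enabled ] && [ -z "$running" ]
}
```

Calling `snmpdx_workaround_ok` with no argument checks /etc/rc3.d; a non-zero exit status means either the start script is still active or one of the two agents is still running.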
To: garibaldi
I fully understand that it is not an operating system. I admin several Sun servers and boxes, along with several Linux servers. I've always been leery of SNMP, and nuked it on my servers.
/john
To: Bush2000
I thought only Windows had security problems.
To: Bush2000
Make sure the Hotmail sysadmins get this message, since the back end of Hotmail is still on Solaris. As a matter of fact, there was a job opening at Hotmail a few weeks ago for Solaris admins.
I tried to check to see if the Hotmail Solaris sysadmin job is still available, but www.microsoft.com is down.
11 posted on 06/06/2002 5:29:08 PM PDT by magellan
To: magellan
I tried to check to see if the Hotmail Solaris sysadmin job is still available, but www.microsoft.com is down.
To: magellan
I tried to check to see if the Hotmail Solaris sysadmin job is still available, but www.microsoft.com is down.
I'll humor you. Post the url of the job posting if you can, troll.
13 posted on 06/06/2002 5:43:11 PM PDT by Bush2000
To: DallasMike
Unix based systems have more exploits than Windows, and that is a fact.
Windows More Secure Than Linux? Yep!
Thanks to David Byrne for this tip: For at least the first 8 months of 2001, open-source poster child Linux was far less secure than Windows, according to the reputable NTBugTraq, which is hosted by SecurityFocus, the leading provider of security information about the Internet. (The company's 2001 statistics are available only through August 2001 for the time being.) According to NTBugTraq, Windows 2000 Server had less than half as many security vulnerabilities as Linux during the reported period. When you break the numbers down by Linux distribution, Win2K had fewer vulnerabilities than RedHat Linux 7.0 or MandrakeSoft Mandrake Linux 7.2, and it tied with UNIX-leader Sun Microsystems Solaris 8.0 and 7.0. A look at the previous 5 years--for which the data is more complete--also shows that each year, Win2K and Windows NT had far fewer security vulnerabilities than Linux, despite the fact that Windows is deployed on a far wider basis than any version of Linux. So once again, folks, you have to ask yourselves: Is Windows really less secure than Linux? Or is this one of those incredible perception issues? For more information and the complete stats, visit the SecurityFocus Web site. I'll check back on this story to see how all of 2001 shapes up.
14 posted on 06/06/2002 5:51:20 PM PDT by Gorons
To: magellan
You are talkin' out your ass, Hotmail runs off FreeBSD not slowaris.
15 posted on 06/06/2002 5:57:51 PM PDT by Gorons
To: OneidaM;CheneyChick
the SUN had holes!!!???
............. any sign of the HOST?!
16 posted on 06/06/2002 6:00:18 PM PDT by SunnyUsa
To: Gorons
Unix based systems have more exploits than Windows, and that is a fact.
I agree with you -- it's mostly a perception issue. I write Windows software for a living, play with Linux at home, and wish I had one of the new Macs. They're all good in their own ways and are getting better every year. I've never understood Microsoft-bashing because Bill Gates has made personal computers an integral part of everyone's lives. PCs would still be an obscure hobby for dweebs if it weren't for him.
To: Gorons
I remember that study. When you analyzed the reports you saw that most of the Linux exploits were local ones (i.e., someone had to be physically present at the machine or at the very least have some level of user access beyond just being able to see the machine on a network) while the majority of the Windows ones were remote (i.e., any schmuck with the right tool could break in). Also, I think that they counted a number of individual security alerts from various sources (Red Hat, SuSE, Mandrake, etc.) as individual exploits even though the different companies were sending an alert for the same problem, so one exploit in Linux would get counted three times.
Is that the study you're referencing, or am I remembering a different one?
18 posted on 06/07/2002 9:32:57 AM PDT by Dimensio
To: SunnyUsa
hee hee hee
To: Dimensio
It's the same study; it's all about perception and what distros ship with installed versus uninstalled, etc...
The point is all computers have security issues; no vendor is immune. ;)
20 posted on 06/07/2002 9:22:00 PM PDT by Gorons