Sun Security Bulletin No 1 PartSun Microsystems, Inc. Security Bulletin
00177-00180
Bulletin Number:
#00177
Date:
October 21, 1998
Cross-Ref:
CERT Advisory CA-98.09.imapd
Title:
IMAP
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Bulletins Topics
Sun announces the release of patches for Sun Internet
Mail Server(tm)
versions 3.2 and 2.0 which relate to a vulnerability
in the IMAP
server process.
Sun recommends that you install the patches listed
in section 4
immediately on systems using Sun Internet Mail Server(SIMS)
3.2 and 2.0.
2. Affected Supported Versions
SIMS versions 3.2, 3.2_x86, 3.1, 3.1_x86, 2.0 and 2.0_x86
3. Understanding the Vulnerability
Sun Internet Mail Server provides support for IMAP,
POP and mailtool
clients. The IMAP server available with certain
versions of SIMS
is vulnerable to the buffer overflows referenced
in CERT Advisory
CA-98.09.
4. List of Patches
The following patches are available in relation to the above problem.
SIMS
Patch ID
_____
_________
3.2
105935-09
3.2_x86
105936-09
2.0
105346-07
2.0_x86
105347-07
Note: Sun recommends that sites using SIMS 3.1 or
3.1_x86 upgrade to
3.2 or 3.2_x86 and apply the corresponding patches
referenced above.
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number:
#00178
Date:
November 9, 1998
Cross-Ref:
ISS Security Advisory: Hidden community string in SNMP
implementation
Title:
SNMP
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
Solstice Enterprise Agents(tm) expands the scope
of enterprise management
by providing a comprehensive development and runtime
environment
enabling the creation of custom, extensible agents
for device and
system management for the Solaris(tm) operating
environment. Solstice
Enterprise Agents(SEA) supports both the Simple
Network Management
Protocol and DMI protocols.
Simple Network Management Protocol(SNMP) was designed
to allow the
remote management of systems and devices on a network.
SNMP relies on
processes known as master agents and subagents.
Upon invocation,
agents read various configuration files and maintain
Management
Information Bases(MIBs). Access to information
in the MIBs can be
controlled by community strings. A default
community string is present
in the Sun SNMP subagent that may be exploited by
remote attackers to
modify system parameters or execute arbitrary commands
with root
privileges.
SEA was initially available as an unbundled product
and later bundled
with Solaris 2.6 at version 1.0.1.
2. Recommendations
Sun recommends that sites running Solaris 2.6 and
sites running SEA on
Solaris 2.5.1 upgrade the SEA software to SEA 1.0.3.
SEA 1.0.3 is bundled with Solaris 7. SEA 1.0.3 is
available for Solaris
2.6, 2.6_x86, 2.5.1, and 2.5.1_x86 and may be downloaded
from:
http://www.sun.com/solstice/products/ent.agents/
Sun also recommends that sites running SEA 1.0 on
Solaris 2.4 and 2.5
either disable SEA (see section 3) or upgrade the
operating system to
Solaris 7 if possible. Sites upgrading to
Solaris 2.5.1 or 2.6 may
obtain SEA 1.0.3 from the URL listed above.
3. Workaround
Sun recommends that you disable SEA on vulnerable
systems until
SEA 1.0.3 is installed.
To determine if your system is using SEA, use pkginfo
on one of the
following SEA packages: SUNWmibii, SUNWsacom, SUNWsadmi,
SUNWsasnm.
For example, on SEA 1.0 and 1.0.1, a pkginfo on
SUNWmibii will display
as follows:
% pkginfo SUNWmibii
system
SUNWmibii Solstice Enterprise Agent SNMP
daemon
On SEA 1.0.2:
% pkginfo SUNWmibii
system
SUNWmibii Solstice Enterprise Agents 1.0.2
SNMP daemon
To disable SEA, perform the following steps:
% su
Password:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
_______________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number:
#00179
Date:
November 18, 1998
Cross-Ref:
Title:
rdist
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
The rdist program is a setuid root utility that distributes
files
from one host to another. Several buffer overflow
vulnerabilities
have been discovered which could be exploited by
an attacker to
gain root access.
2. Affected Supported Versions
Solaris(tm) versions: 2.6, 2.6_x86, 2.5.1,
2.5.1_x86, 2.5, 2.5_x86,
2.4, 2.4_x86 and 2.3
SunOS(tm) versions: 4.1.4 and 4.1.3_U1
3. Recommendations
Sun recommends that you install the respective patches
immediately
on affected systems.
Operating System
Patch ID
_________________ _________
Solaris 2.6
105667-02
Solaris 2.6_x86 105668-02
Solaris 2.5.1
103817-03
Solaris 2.5.1_x86 103818-03
Solaris 2.5
103815-03
Solaris 2.5_x86 103816-03
Solaris 2.4
103813-03
Solaris 2.4_x86 103814-03
Solaris 2.3
101494-04
SunOS 4.1.4
103824-04
SunOS 4.1.3_U1 103823-04
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
________________________________________________________________________________
Sun Microsystems, Inc. Security Bulletin
Bulletin Number:
#00180
Date:
December 17, 1998
Cross-Ref:
CERT Advisory CA-98.05
Title:
BIND
________________________________________________________________________________
The information contained in this Security Bulletin is provided "AS
IS."
Sun makes no warranties of any kind whatsoever with respect to the
information
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT
OR
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ARE
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE
LAW.
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF
LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED
IN
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED
OF
THE POSSIBILITY OF SUCH DAMAGES.
If any of the above provisions are held to be in violation of applicable
law,
void, or unenforceable in any jurisdiction, then such provisions are
waived
to the extent necessary for this disclaimer to be otherwise enforceable
in
such jurisdiction.
________________________________________________________________________________
1. Background
The Berkeley Internet Name Domain (BIND) is an implementation
of the
Domain Name System (DNS).
CERT Advisory CA-98.05 describes three vulnerabilities
in certain
versions of BIND. The first vulnerability, Inverse
Query Buffer Overrun,
can be exploited by a remote attacker to gain root
access to a DNS
name server. The second vulnerability, Denial-of-Service
Vulnerabilities,
is concerned with buffer overflows that can be exploited
to corrupt
DNS record data or crash the DNS server. SunOS(tm)
and Solaris(tm) are
not vulnerable to third vulnerability described
in the CERT advisory.
For more information about the vulnerabilities,
please see the
CERT advisory at:
http://www.cert.org/ftp/cert_advisories/CA-98.05.bind_problems
A vulnerability has also been discovered in SunOS
and Solaris's
implementation of BIND with their use of temporary
files. This vulnerability
can be exploited to overwrite arbitrary files.
2. Affected Supported Versions
Solaris(tm) versions: 2.6, 2.6_x86, 2.5.1,
2.5.1_x86, 2.5, 2.5_x86,
2.4, 2.4_x86 and 2.3
SunOS(tm) versions: 4.1.4 and 4.1.3_U1
3. Recommendations
Sun recommends that you install the respective patches
immediately on
vulnerable systems including both DNS clients and
servers.
Operating System
Patch ID
_________________ _________
Solaris 2.6
105755-07
Solaris 2.6_x86 105756-07
Solaris 2.5.1
103663-15
Solaris 2.5.1_x86 103664-15
Solaris 2.5
103667-11
Solaris 2.5_x86 103668-11
Solaris 2.4
102479-13
Solaris 2.4_x86 102480-11
Solaris 2.3
101359-10
SunOS 4.1.4
106866-02
SunOS 4.1.3_U1 106865-02
_______________________________________________________________________________
APPENDICES
A. Patches listed in this bulletin are available to all Sun customers
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
B. Checksums for the patches listed in this bulletin are available
via
World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
C. Sun security bulletins are available via World Wide Web at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins>
D. Sun Security Coordination Team's PGP key is available via World
Wide Web
at:
<URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
E. To report or inquire about a security problem with Sun software,
contact
one or more of the following:
- Your local Sun answer centers
- Your representative computer
security response team, such as CERT
- Sun Security Coordination
Team. Send email to:
security-alert@sun.com
F. To receive information or subscribe to our CWS (Customer Warning
System)
mailing list, send email to:
security-alert@sun.com
with a subject line (not body) containing one of the following commands:
Command
Information Returned/Action Taken
_______
_________________________________
help An explanation of how to get information
key Sun Security Coordination Team's PGP key
list A list of current security topics
query [topic]
The email is treated as an inquiry and is forwarded to
the Security Coordination Team
report [topic] The
email is treated as a security report and is
forwarded to the Security Coordination Team. Please
encrypt sensitive mail using Sun Security Coordination
Team's PGP key
send topic
A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):
send #138
subscribe
Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):
subscribe cws your-email-address
Note that your-email-address should be substituted
by your email address.
unsubscribe
Sender is removed from the CWS mailing list.
________________________________________________________________________________
Copyright 1998 Sun Microsystems, Inc. All rights reserved. Sun,
Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks
of Sun Microsystems, Inc. in the United States and other countries.
This
Security Bulletin may be reproduced and distributed, provided that
this
Security Bulletin is not modified in any way and is attributed to
Sun Microsystems, Inc. and provided that such reproduction and distribution
is performed for non-commercial purposes.