Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)

From: Alexei_Roudnev (Alexei_Roudnev_at_exigengroup.com)
Date: Tue Apr 10 2007 - 21:43:30 CEST


Message-ID: <18c601c77ba8$84313cd0$6f31a8c0@sjc.exigengroup.com>
From: "Alexei_Roudnev" <Alexei_Roudnev@exigengroup.com>
Date: Tue, 10 Apr 2007 12:43:30 -0700
Subject: Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)

Then the best you can do is:
- test ksh for _if it is really vulnerable_.
- maybe recompile ksh with an unusual environment to prevent any _out of the
box_ tools from exploiting it (sometimes just setting an unusual stack boundary
may help).
- set up an extremely good host IDS system which controls your hosts against any
rootkits and/or trojans.
- think about 'no stack execution' mode (I am not sure how it works in
Linuxes).

I agree that it is a big problem in your case. And I fully agree that it
must be fixed ASAP by the vendor (it's a more real problem than many
'theoretical' problems which are fixed every week).

----- Original Message -----
From: "Felix Schulte" <felix.schulte@gmail.com>
To: "Alexei_Roudnev" <Alexei_Roudnev@exigengroup.com>
Cc: <suse-sles-e@suse.com>
Sent: Tuesday, April 10, 2007 11:20 AM
Subject: Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)

> On 4/10/07, Alexei_Roudnev <Alexei_Roudnev@exigengroup.com> wrote:
> > It is not low priority, but I don't know ANYONE who allows running *sh
> > without jailing or partitioning (and esp. on Linuxes - FreeBSD and
> > Solaris are safer in this way).
> >
> > If someone has a user's account on my server, I always trust him in some
> > way. If I don't trust him, I always jail this account (chroot, jail, and
> > so on). It has been an axiom for at least 10 years now. The number of
> > _local_ vulnerabilities has never been 0 on any Unix / Linux (except
> > maybe NetBSD).
> IMO you're greatly underestimating the problem. Out of 37419 active
> accounts at our university 2301 use /bin/rksh as login shell to
> restrict the users for various purposes. Unfortunately these accounts
> now have a gaping security hole and even worse: It is known,
> published in public, and the vendor of the OS takes no action to
> fix it.
> --
> _ Felix Schulte
> _|_|_ mailto:felix.schulte@gmail.com
> (0 0)
> ooO--(_)--Ooo
>




This archive was generated by hypermail 2.1.7 : Tue Apr 10 2007 - 23:49:59 CEST