topic Re: security issues in Operating System - HP-UX

security issues

Omar Alvi_1 — Sat, 06 Mar 2004 06:53:25 GMT

Hi,

Is there a security patch bundle released by HP? I actually wanted to address the following issues raised by a customer.

-NFS Exported Directories Mountable by unathorized users .

-statd service may be vulnerable to a format string attack .

-rpc. mountd daemon might be vulnerable to an off-by one overflow .

-Sendmail Header Processing Buffer Overflow Vulnerability .

-Sendmail Addredd Prescan Possible Memory Corruption Vulnerability .

-Sendmail Prescan() Remote Buffer Overrun Vulnerability .

-Multiple Vendor SNMP Request And Trap Handling Vulnerabilities.

Thanks and Regards,

Omar Alvi

Re: security issues

Patrick Wallek — Sat, 06 Mar 2004 12:03:41 GMT

No there is no security patch bundle per se.

The easiest way to address security patches is with the security_patch_check tool. Download and install this tool.

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

(Note that this requires Perl which can be obtained here: )
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Then run it:

# /opt/sec_mgmt/spc/bin/security_patch_check -r

It will give you a list of security patches required to get your system up to date.

With that list you can then go to the ITRC Patch database

http://www1.itrc.hp.com/service/patch/mainPage.do

Search for each patch, add it to your list and then download the whole bundle. This will also resolve any patch dependencies as well.

Re: security issues

Steven E. Protter — Sat, 06 Mar 2004 20:00:58 GMT

Looking for the magic security patch bundle.

Stop looking.

Security is based on the dilligence and time of the systems administrator. You have to stay on top of patches, keep your eyes on the net for new threats.

There are other tools that help though.

Security Patch Check
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

TCP Wrappers

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP

IDS/9000 (Intrusion Detection Sytstem)

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

Get all these products working you'll be quite secure.

Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

ipfilter
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA

Also, dump any logins or transfers based on the insecure Berkley protocols. rsh.remesh.rcp.

Permissions are key. Especially when exposed to the public Internet.

SEP

Re: security issues

Berlene Herren — Sun, 07 Mar 2004 07:13:47 GMT

Omar, HP can perform a security analysis/audit for you, and give solid recommendations to secure your servers. Ping me if you want more info....

berlene.herren@hp.com

Re: security issues

Robert Fritz — Sun, 07 Mar 2004 18:06:54 GMT

I might also suggest the Bastille lockdown tool. It will help turn off services that you don't need, and help configure a firewall.

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA