04-24-2002 01:31 AM
ISS sysscan
Thanks in Advance,
Donald
Check: ipcs-msg
Risk level: Medium
Brief description: Message queue grants world read/write permissions
Description: Message queues allow co-operating processes to communicate. If a message queue permits uncontrolled reading and/or writing, then unauthorized users may be able to read data and disrupt or manipulate processes using the shared memory.
Consequences: Unauthorized users may be able to access the shared memory.
Remedy: Amend the access granted to be only to the users/groups of the processes using the message queue.
Vulnerability detail
Output from '/usr/bin/ipcs -q':
T ID KEY MODE OWNER GROUP
q 0 0x3c1c0465 -Rrw--w--w- root root
q 1 0x3e1c0465 --rw-r--r-- root root
Check: ipcs-sem
Risk level: Medium
Brief description: Semaphore grants world alter permissions
Description: Semaphores are used to control access to shared memory segments. If a semaphore permits uncontrolled alteration, then unauthorized users may be able to disrupt or manipulate processes using the shared memory. This check determines if a semaphore grants 'alter' permission to all users.
Consequences: Unauthorized users may be able to disrupt or manipulate processes using the shared memory.
Remedy: Change the access so that it is only granted to the users/groups of the processes using the shared memory segment controlled by the semaphore.
Vulnerability detail
Output from '/usr/bin/ipcs -s':
T ID KEY MODE OWNER GROUP
s 0 0x411c0611 --ra-ra-ra- root root
s 1 0x4e0c0002 --ra-ra-ra- root root
s 2 0x412003c0 --ra-ra-ra- root root
s 6 0x61200cbf --ra-ra-ra- root root
s 7 0x73200cbf --ra-ra-ra- root root
s 8 0x70200cbf --ra-ra-ra- root root
s 9 0x69200cbf --ra-ra-ra- root root
s 10 0x75200cbf --ra-ra-ra- root root
s 11 0x63200cbf --ra-ra-ra- root root
s 12 0x64200cbf --ra-ra-ra- root root
s 13 0x66200cbf --ra-ra-ra- root root
s 14 0x6c200cbf --ra-ra-ra- root root
s 15 0x6d200cbf --ra-ra-ra- root root
s 16 0x6f200cbf --ra-ra-ra- root root
s 18 0x73181009 --ra-ra-ra- root root
s 20 0x410c09c1 --ra-ra-ra- root root
s 22 0x52200cbf --ra-ra-ra- root root
s 23 0x00280269 --ra-ra-ra- root root
Check: ipcs-shm
Risk level: Medium
Brief description: Shared memory segment grants world read/write permissions
Description: Shared memory segments allow co-operating processes to communicate. If a memory segment permits uncontrolled reading and/or writing, then unauthorized users may be able to read data and disrupt or manipulate processes using the shared memory. This check determines if the shared memory segment grants read or write permissions to all users.
Consequences: Unauthorized users may be able to read data, disrupt, or manipulate processes using the shared memory.
Remedy: Access should only be granted to the users/groups of the processes using the shared memory segment.
Vulnerability detail
Output from '/usr/bin/ipcs -m':
T ID KEY MODE OWNER GROUP
m 0 0x411c0611 --rw-rw-rw- root root
m 1 0x4e0c0002 --rw-rw-rw- root root
m 2 0x412003c0 --rw-rw-rw- root root
m 4 0x06347849 --rw-rw-rw- root root
m 405 0xffffffff --rw-r--rw- root root
m 7 0x6d181009 --rw-rw-rw- root root
m 2414 0x00280267 --rw-r--r-- root root
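The MODE column in the ipcs listings above is an 11-character field: two flag characters, then owner, group and other permission triplets. The following C program is an added example, not part of the original post or of the scanner; it decodes the last triplet the way the three checks describe, and the names world_access and check_ipcs_row are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative names, not taken from ISS or HP-UX. */
#define WORLD_READ  4
#define WORLD_WRITE 2   /* 'w' (write) or 'a' (alter, used for semaphores) */

/* Returns a WORLD_* bitmask, or -1 if the field is not 11 characters. */
int world_access(const char *mode)
{
    if (strlen(mode) != 11)
        return -1;
    const char *other = mode + 8;   /* skip 2 flags + owner + group */
    int bits = 0;
    if (other[0] == 'r')
        bits |= WORLD_READ;
    if (other[1] == 'w' || other[1] == 'a')
        bits |= WORLD_WRITE;
    return bits;
}

/* Parses one "T ID KEY MODE OWNER GROUP" row; returns world bits or -1. */
int check_ipcs_row(const char *row, char *type, int *id)
{
    char key[32], mode[32];
    if (sscanf(row, " %c %d %31s %31s", type, id, key, mode) != 4)
        return -1;                  /* header or malformed line */
    return world_access(mode);
}

int main(void)
{
    /* Rows copied from the scanner report in the post above. */
    const char *rows[] = {
        "T ID KEY MODE OWNER GROUP",
        "q 0 0x3c1c0465 -Rrw--w--w- root root",
        "s 0 0x411c0611 --ra-ra-ra- root root",
        "m 405 0xffffffff --rw-r--rw- root root",
        "m 2414 0x00280267 --rw-r--r-- root root",
    };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        char type; int id;
        int bits = check_ipcs_row(rows[i], &type, &id);
        if (bits > 0)
            printf("%c %d: world %s%s\n", type, id,
                   bits & WORLD_READ ? "read " : "",
                   bits & WORLD_WRITE ? "write/alter" : "");
    }
    return 0;
}
```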
04-24-2002 02:00 AM
Re: ISS sysscan
The following link explains how shmget() sets the permissions via the shmflg parameter:
http://www.ecst.csuchico.edu/~beej/guide/ipc/shmem.html
Extracted here for your convenience:
Creating the segment and connecting
Similarly to other forms of System V IPC, a shared memory segment is created and connected to via the shmget() call:
int shmget(key_t key, size_t size, int shmflg);
Upon successful completion, shmget() returns an identifier for the shared memory segment. The key argument should be created the same way as shown in the Message Queues document, using ftok(). The next argument, size, is the size in bytes of the shared memory segment. Finally, the shmflg should be set to the permissions of the segment bitwise-ORd with IPC_CREAT if you want to create the segment, but can be 0 otherwise. (It doesn't hurt to specify IPC_CREAT every time--it will simply connect you if the segment already exists.)
It is an internal system call that you might have to deal with specifically in your database application. I am not aware of any OS command that can manipulate the permissions of a shared memory segment, semaphore or message queue.
Hope this helps. Regards.
Steven Sim Kok Leong
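As an added example (not part of the post above or of the linked guide), this C program shows the permission bits passed in shmflg at creation and how a segment's owner, creator or root can tighten them afterwards with shmctl() and IPC_SET, which is what the scanner's remedy asks for. The function names shm_create and shm_restrict are made up here, and the demo uses IPC_PRIVATE so it touches no existing segment.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Illustrative helper: creates a private segment whose permission bits
 * are supplied through shmflg, as the post describes. Returns id or -1. */
int shm_create(size_t size, mode_t perms)
{
    return shmget(IPC_PRIVATE, size, IPC_CREAT | (int)perms);
}

/* Illustrative helper: clears the bits in `deny` (0007 = all access for
 * "other") on an existing segment. The caller must be the segment's
 * owner, its creator, or root. Returns the new mode, or -1 on error. */
int shm_restrict(int shmid, mode_t deny)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -1;
    ds.shm_perm.mode &= ~deny;      /* IPC_SET applies the low 9 bits */
    if (shmctl(shmid, IPC_SET, &ds) == -1)
        return -1;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)   /* read back to confirm */
        return -1;
    return (int)(ds.shm_perm.mode & 0777);
}

int main(void)
{
    /* 0666 is what ipcs -m reports as --rw-rw-rw-. */
    int id = shm_create(4096, 0666);
    if (id == -1) {
        perror("shmget");
        return 1;
    }
    int mode = shm_restrict(id, 0007);        /* drop world read/write */
    printf("segment %d mode now %04o\n", id, (unsigned)mode);
    shmctl(id, IPC_RMID, NULL);               /* remove the demo segment */
    return mode == 0660 ? 0 : 1;
}
```

msgctl() and semctl() accept IPC_STAT and IPC_SET in the same way for message queues and semaphores. A mode changed this way lasts only until the segment is recreated, because the creating program's shmflg decides the mode each time.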
04-25-2002 03:46 PM
Re: ISS sysscan
Hi, ISS security scanner gives the 3 following advisories. Does anyone know what they mean, if they really are security breaches, and last but not least how to solve them?
----
1) They mean that local processes might be able to write to the shared memory/message queue areas. Remote processes cannot.
2) They are not security breaches.
3) You can solve them by contacting HP to have them change the internal applications using those shared resources.
What people do in practice:
4) Realize that ISS is going to be overly verbose in its error checking, and ignore the messages.
In fact, if these are the only warnings ISS generates on your system, you're doing very well at securing them! (Or someone has already gone through and suppressed all the other "false" messages ISS coughs up.)
-- Steve
04-25-2002 10:48 PM
Re: ISS sysscan
Thanks for the reply. The 3 messages are definitely NOT the only messages from ISS. They are the only ones where I did not have a clue what ISS meant.
I think I will leave it like it is.
Greetzz
Donald
04-25-2002 11:53 PM
Re: ISS sysscan
Do the messages have anything to do with a danger from rootkits? The other day I read about rootkits that can write directly to /dev/kmem.