【TWCERT/CC安全通報】 TW-CA-2005-060-[Sun(sm) Alert Notification

看板NetSecurity (資安資訊安全)作者Lan.時間20年前 (2005/05/21 19:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

※ 本文轉錄自 [Lan] 信箱作者: twcert@cert.org.tw (TWCERT/CC Fellows) 標題: 【TWCERT/CC安全通報】 TW-CA-2005-060-[Sun(sm) 時間: Fri May 20 11:52:08 2005 -----BEGIN PGP SIGNED MESSAGE----- TW-CA-2005-060-[Sun(sm) Alert Notification #57766: Certain Network Services Disruptions or 'Spoofs' Could Occur as a Result of Possible Theft of Network Ports] ──────────────────────────────────────── TWCERT/CC發布日期：2005-05-20 原漏洞發布日期：2005-04-18 原漏洞最新更新日期：-- 通用安全漏洞編號：分類：Miscellaneous 來源參考：Sun(sm) Alert Notification #57766 ──── 簡述 ───────────────────────────────── ──── 說明 ───────────────────────────────── 本地端沒有權限的使用者可以將程序執行在未經授權的網路通訊埠上，藉由 "竊取" 通訊埠，在這些通訊埠上執行的程序是可修改的或者是"trojaned"(木馬)版本。這個情況會導致服務的瓦解、敏感資訊的洩漏或是有可能會連累到遠端的系統。注意：本議題只發生在當網路服務在未經授權通訊埠上執行的時候，例如 NFS 或 NIS，而且此網路伺服器系統是可允許使用者登入的。 ──── 影響平台 ─────────────────────────────── 此議題可能影響下列發行版本： SPARC 平台 ‧未安裝 116965-08 修正檔的 Solaris 8 ‧未安裝 118305-02 修正檔的 Solaris 9 x86 平台 ‧未安裝 116966-08 修正檔的 Solaris 8 ‧未安裝 117470-01 修正檔的 Solaris 9 注意：Solaris 7 與 Solaris 10 不受本安全議題影響。 ──── 修正方式 ─────────────────────────────── 暫時解決方法：無暫時性解決方法，請參閱 "解決方法"。解決方法：此議題已於下列版本中解決： SPARC 平台 ‧安裝 116965-08 或更新版本修正檔的 Solaris 8 ‧安裝 118305-02 或更新版本修正檔的 Solaris 9 SPARC 平台 ‧安裝 116966-08 或更新版本修正檔的 Solaris 8 ‧安裝 117470-01 或更新版本修正檔的 Solaris 9 ──── 影響結果 ─────────────────────────────── 上述議題依賴安裝 "trojan" 程式，而目前尚無可預期的徵兆顯示上述議題已遭受利用。像 NIS 服務就有可能在沒有任何理由情況下就停止運作。 ──── 聯絡TWCERT/CC ───────────────────────────── Tel: 886-7-5250211 FAX: 886-7-5250212 886-2-23563303 886-2-23924082 Email: twcert@cert.org.tw URL: http://www.cert.org.tw/ PGP key: http://www.cert.org.tw/eng/pgp.htm ──────────────────────────────────────── 附件：[Certain Network Services Disruptions or 'Spoofs' Could Occur as a Result of Possible Theft of Network Ports] ──── 原文 ───────────────────────────────── Sun(sm) Alert Notification Sun Alert ID: 57766 Synopsis: Certain Network Services Disruptions or "Spoofs" Could Occur as a Result of Possible Network Port Theft Category: Security Product: Solaris BugIDs: 5089150 Avoidance: Patch State: Resolved Date Released: 18-Apr-2005 Date Closed: 18-Apr-2005 Date Modified: 1. Impact Local unprivileged users may be able to start processes on non-privileged network ports. By "stealing" the port, these processes may act as modified or "trojaned" versions of the service that typically runs on that port. This condition could lead to service disruption, a sensitive information leak, or possible compromise of remote systems. Note: This issue only applies to network services which run on non-privileged ports such as NFS or NIS, and network server systems which allow user logins. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform Solaris 8 without patch 116965-08 Solaris 9 without patch 118305-02 x86 Platform Solaris 8 without patch 116966-08 Solaris 9 without patch 117470-01 Note: Solaris 7 and Solaris 10 are unaffected by this issue. 3. Symptoms Depending on the "trojan" that has been installed, there may be no obvious symptoms to indicate this issue has occurred. It is possible that services such as NIS may stop working for no apparent reason. Solution Summary Top 4. Relief/Workaround There is no workaround. Please see the "Resolution" section below. 5. Resolution This issue is addressed in the following releases: SPARC Platform Solaris 8 with patch 116965-08 or later Solaris 9 with patch 118305-02 or later x86 Platform Solaris 8 with patch 116966-08 or later Solaris 9 with patch 117470-01 or later This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2005 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. ──────────────────────────────────────── -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQEVAwUBQo1eBacyQYefg2/NAQEY/QgAvXRmzY1QopD2MASl5kFzLs0xORQWV6ri 64O+GSTPYyZVNKHfyy+WBzBbWEG1OSt5DYpKh78i7/WY7nyJXPQ3lDh62NPiPyTY 0vutBtGW9MWmP6e32o9LYNW9h5mJ+9qTsnDWqUyLEkIL0exoSTKYOx4aT7bF4d1i +I+PYW6MFmXoYNfW+alhi60y8vbg/a1ymmRotbrW3nvaD8IPwqgY+I94W0mFZC3s 6/KmPaKmN4Ff6PfrjoTc79w31CYD+jmGRVUb2efTrpLgsbC2oISuEUNWYGQ+MjqF f+yGQlwXC7X/kDZUG/7wD4bhXUr9ieno1M8Y5dFUbzVLg8I67oE5wg== =QxGV -----END PGP SIGNATURE----- -- Taiwan Computer Emergency Response Team Security Advisory mailing list. Mail to : Majordomo@cert.org.tw and include a line "subscribe advisory". Please visit http://www.cert.org.tw/. PGP key : http://www.cert.org.tw/eng/pgp.htm