Subject: Re: Cyberguard FW Silliness
From: phzyANTIPLUR.COM
Date: Sun Nov 05 2000 - 10:47:25 CST


Hey Richard,

The system I originally reviewed was a Proliant running version
4.3 of Cyberguard for SCO. The software bundle that the administrators
of the firewall received from Cyberguard appears to be very similar
to what the Knightstar appliance uses. Both strive to be 'B2' compliant,
both feature rapid installation, etc.

On Sat, 4 Nov 2000 10:41:09 -0500, "Richard Tufaro Jr."
<Richfloridanetcom.com> wrote :

> What version 4.3, running on the Nightstar?
>
> ----- Original Message -----
> From: <phzyANTIPLUR.COM>
> To: <BUGTRAQsecurityfocus.com>
> Sent: Friday, November 03, 2000 6:24 PM
> Subject: Cyberguard FW Silliness
>
>
> | Hey guys,
> |
> | Not an extremely huge issue, however one I think worth noting.
> | Cyberguard claims that their FW software runs atop 'hardened'
> | versions of SCO/Unixware (comes bundled w/ the FW package).
> | However, on a default installation of
> | the latest version of the Cyberguard FW on SCO, there are a number
> | of silly permissions on various critical files/directories:
> |
> | drw-rw-rw- /etc/security/firewall/cm
> | drw-rw-rw- /etc/security/firewall/cm-defaults
> | -rw-rw-rw- /etc/.device.tab.lock
> | drwxrwxrw- /etc/conf/pack.d/ktrc
> | -rw-rw-rw- /etc/iaf/cr1/.kmpipe
> | -rw-rw-rw- /etc/scsi/dtab.out
> | -rw-rw-rw- /etc/wsinit.err
> | -rw-rw-rw- /usr/X/lib/fs/fs-errors
> | -rwxrwxrwx /usr/X/desktop/Help_Desk
> | -rw-rw-rw- /var/adm/log/routes
> | -rw-rw-rw- /var/adm/log/qhap.log
> | -rw-rw-rw- /var/adm/sa/*
> | -rw-rw-rw- /var/adm/spellhist
> | -rw-rw-rw- /var/adm/unixtsa.log
> | drwxrwxrwx /var/sadm/dist
> | drwxrwxrwx /var/content/*
> | -rw-rw-rw- /var/audit/1018_list
> | -rw-rw-rw- /dev/X/xfont.7000
> | -rw-rw-rw- /tmp/.scopty
> | -rw-rw-rw- /opt/QUALha/dev/ifs/*
> |
> | Of course, the obvious symlink/race conditions apply w/ the temp files
> | listed above.
> |
> | When Cyberguard was notified that their 'hardened' OS is not quite
> | as 'hardened' as originally thought, they stated that we would be
> | performing the configuration changes at our own risk and will
> | discontinue our support due to our 'custom', 'uncertified'
> | FW installation. However, they would gladly
> | send out a consultant at a cost of $15,000 to audit and certify our
> | 'custom' configuration. HEH!
> |
> | - phzy
> |
> |
> |
> | --
> | Sent with Antiplur webmail: http://webmail.antiplur.com
> |
>
>
>
>

--
Sent with Antiplur webmail: http://webmail.antiplur.com
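
A permission audit of the kind that yields a listing like the one in the quoted post, as an added example that is not part of the original thread or of any Cyberguard tooling. The function names and the sample tree are constructed for illustration; the tree only borrows a few basenames from the post.

```python
import os
import stat
import sys
import tempfile


def audit_world_writable(root):
    """List world-writable files and directories under root (symlinks not followed)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: judge the entry, not a link target
            except OSError:
                continue  # entry vanished or is unreadable
            if not mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(mode):
                # Without the sticky bit, any user can rename or delete entries here.
                kind = "dir-sticky" if mode & stat.S_ISVTX else "dir-no-sticky"
            elif stat.S_ISREG(mode):
                kind = "file"
            else:
                continue  # symlinks, devices, FIFOs and sockets are not judged here
            findings.append((kind, stat.filemode(mode), os.path.relpath(path, root)))
    return sorted(findings)


def build_constructed_tree(base):
    """Constructed sample tree (hypothetical layout, empty files)."""
    entries = [("log", 0o755, True), ("log/routes", 0o666, False),
               ("log/messages", 0o644, False), ("dist", 0o777, True),
               ("tmp", 0o1777, True), ("tmp/.scopty", 0o666, False)]
    for rel, mode, is_dir in entries:
        path = os.path.join(base, rel)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        root = sys.argv[1] if len(sys.argv) > 1 else build_constructed_tree(scratch)
        for kind, mode, rel in audit_world_writable(root):
            print(f"{kind:14} {mode} {rel}")
```

Run with a directory argument to audit a real tree; entries reported as `dir-no-sticky` and `file` are the ones to tighten first.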