Bugtraq mailing list archives

Re: Security Hole in Axent ESM


From: lbassett () FORE COM (Larry Bassett)
Date: Thu, 27 Aug 1998 07:41:12 -0400


Your point about checksums is well taken.  We were externally audited and
the auditors used Axent ESM.  The Axent ESM is not what I would call a
great security assessment tool.  It is brain dead in a few places.

It will complain about files and directories that have more secure
permissions since it only checks to see if files have the permissions it is
expecting.  It also complains about the files it installs.

It complained about uninstalled patches.  In our case this was completely
ridiculous because we already had newer revisions of the patches than the
ones they suggested we install.

It complained about an HP printer device being world writable.  This
complaint was pointless since these device files are functionally
equivalent to /dev/null.

It complained that a umask of 022 was unsafe.  They suggested 027.

There were other questionable findings but it will find misconfigurations
and stupid mistakes.  However, there are better tools available.

My boss bought Axent ESM and wants me to install it.  Before installing
it, I noticed it relies on CRC checksums as the mechanism to validate the
integrity of the files.  This appears to be a major security NO-NO, and
even old freeware security packages like Tripwire use stronger algorithms.
...snip...

I talked with our Axent contact and he claimed that their file integrity
validation could not be compromised by a hacker because Axent has security
experts that designed ESM.

Trust nobody!

...snip...

___________________________________________________________________________

Larry W. Bassett                                Direct: 724-742-RISK (7475)
Data Security Administrator                     Main:   724-742-4444
FORE Systems Inc.                               Fax:    724-742-7421
3000 FORE Drive                                 URL:    http://www.fore.com
Warrendale, PA  15086-7594                      Email:  lbassett () fore com

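An added illustration of the CRC-versus-hash point raised in the thread (example code written for this archive page, not Axent's ESM or Tripwire code): a toy baseline/verify routine with a pluggable digest, run against a constructed file entry and a second, different content found by a birthday search to share its CRC32. The CRC-based baseline misses the change; the SHA-256 baseline catches it.

```python
import hashlib
import random
import zlib

# Constructed sample "file" content used as the baseline (not real data).
ORIGINAL = b"root:x:0:0:root:/root:/bin/bash\n"


def crc32_digest(data: bytes) -> str:
    """32-bit CRC as hex, the kind of check value ESM is said to use."""
    return f"{zlib.crc32(data):08x}"


def sha256_digest(data: bytes) -> str:
    """Cryptographic digest of the kind an integrity checker should use."""
    return hashlib.sha256(data).hexdigest()


def baseline(files: dict, digest) -> dict:
    """Record a digest per path, as a file-integrity tool does at install."""
    return {path: digest(data) for path, data in files.items()}


def verify(files: dict, base: dict, digest) -> list:
    """Return the paths whose current digest differs from the baseline."""
    return [path for path, data in files.items() if digest(data) != base.get(path)]


def find_crc32_collision(prefix: bytes, seed: int = 1) -> tuple:
    """Birthday search for two distinct contents (same prefix, random
    8-byte suffixes) with equal CRC32. A 32-bit check value is expected to
    collide after roughly 2**16 random tries, which shows CRC offers no
    collision resistance; a 256-bit hash makes the same search infeasible."""
    rng = random.Random(seed)  # seeded so the result is reproducible
    seen = {}
    while True:
        data = prefix + rng.getrandbits(64).to_bytes(8, "big")
        crc = zlib.crc32(data)
        if crc in seen and seen[crc] != data:
            return seen[crc], data
        seen[crc] = data


def demo() -> tuple:
    """Baseline one file, replace it with a CRC32-colliding twin, and report
    what each digest-based verify notices: (crc_findings, sha_findings)."""
    a, b = find_crc32_collision(ORIGINAL)
    files = {"/etc/passwd": a}
    changed = {"/etc/passwd": b}
    crc_base = baseline(files, crc32_digest)
    sha_base = baseline(files, sha256_digest)
    return verify(changed, crc_base, crc32_digest), verify(changed, sha_base, sha256_digest)
```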


