Bugtraq mailing list archives
Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
From: Casper.Dik () HOLLAND SUN COM (Casper Dik)
Date: Mon, 17 Apr 2000 13:30:45 +0200
* Suppose that your system is behaving strangely, and you are
  beginning to wonder if something has changed?

* Suppose that your system has been hacked, and that you don't
  have an up-to-date checksums database?

* Suppose that you've inherited a system and have no idea how it
  may have been modified or messed around with?

...well, here's a tool that can help you.

Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
------------------------------------------------------------

Where is it?

  Headline Article          http://sunsolve.Sun.COM/
  Database User Interface   http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl

What is it?

  The sfpDB is a collection of MD5 digests ("fingerprints") for most
  files that have ever been shipped as part of Solaris products, as
  well as many unbundled products, too.

  The database allows mapping of fingerprints to pathnames, as well as
  providing package version/identifier and product name. This is, of
  course, a one to many mapping, as some files occur in several
  products, and the database aims to supply all canonical pathnames
  for each file.

What use is it?

  There are some occasions when the integrity of a binary is
  questionable; by using "sfpDB", an administrator can quickly
  determine whether the file in question is one that Sun has actually
  shipped as part of a product.

  The motivation for this database was to help customers undertake
  post-mortem checks after a hacking incident; although it is better
  to do a complete reinstall, the ability to do a quick check on
  selected binaries can help you identify whether strange symptoms
  that you experience on your system may be the result of tampering.

  That said, this tool will have many more uses beyond post-mortems,
  including software package identification, and pathname
  reconstruction for unlinked files.

Are there more services planned?

  We (the sfpDB team) are investigating releasing not only the sfpDB
  service on the web, but also the complete database source, and are
  also looking at integrating the service with other tools.

What software is indexed in the database?

  Although the database is *not* definitive, the intention is to make
  this collection as comprehensive as possible, covering
  operating-system releases, unbundled products, and patches.

  We've included Solaris releases from 2.0 onwards; the only Solaris
  release missing is 2.5.1/PPC.

  Alpha/Beta products will not be considered for inclusion.

  Symbolic-link information is not indexed.

  Because of the nature of the automatic checksums gathering process,
  we can only include checksums from files in Solaris package format,
  i.e. no SunOS 4.x products or self-extracting, self-installing
  products such as some cross-platform Java based products.

Where can I send feedback/ask questions/seek marketing information?

  Mail to: fingerprints () sun com

Who are the sfpDB team?

  Casper Dik, Alec Muffett & Vasanthan Dasan
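
Added example, not part of the original announcement and not Sun's code: a local model of the lookup the message describes, showing the one-to-many mapping from an MD5 fingerprint to canonical pathnames and how it separates an unknown binary from known content found under an unexpected or missing name. The function names, paths, package and product names, and file contents are all constructed, and the code does not query the SunSolve service.

```python
import hashlib, pathlib, tempfile

def md5_file(path, chunk=65536):
    h = hashlib.md5()  # MD5 is the digest the announcement names
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_index(records):
    """Map one digest to many (pathname, package, product) rows."""
    index = {}
    for digest, pathname, package, product in records:
        index.setdefault(digest.lower(), []).append((pathname, package, product))
    return index

def classify(local_file, claimed_path, index):
    """Return (verdict, canonical pathnames recorded for the file's digest)."""
    rows = index.get(md5_file(local_file), [])
    paths = sorted({row[0] for row in rows})
    if not paths:
        return "UNKNOWN", paths            # digest not in the reference set
    if claimed_path in paths:
        return "SHIPPED", paths            # known content at a recorded pathname
    return "SHIPPED_ELSEWHERE", paths      # known content, unexpected or no name

def demo():
    # Constructed data: contents, paths, package and product names are placeholders.
    a, b = b"constructed build A\n", b"constructed build B\n"
    da, db = hashlib.md5(a).hexdigest(), hashlib.md5(b).hexdigest()
    index = build_index([
        (da, "/usr/bin/example", "PKG-A", "Release 1"),
        (da, "/opt/EXMPL/bin/example", "PKG-B", "Release 2"),
        (db, "/usr/bin/example", "PKG-A", "Release 3"),
    ])
    samples = {  # claimed path on the suspect system -> bytes found there
        "/usr/bin/example": b,
        "/usr/bin/other": a + b"\x00modified",
        "(unlinked inode)": a,
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for n, (claimed, data) in enumerate(samples.items()):
            p = pathlib.Path(d, str(n))
            p.write_bytes(data)
            results[claimed] = classify(p, claimed, index)
    return results

if __name__ == "__main__":
    print(*(f"{c}: {v} {p}" for c, (v, p) in demo().items()), sep="\n")
```

The third sample is the "pathname reconstruction for unlinked files" case: the file has no name, but its digest returns every pathname recorded for that content.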