Penetration Testing mailing list archives
Re: [PEN-TEST] Tru64 security info?
From: Miller Scott Contr 30CS/FTI <Scott.Miller () VANDENBERG AF MIL>
Date: Thu, 24 Aug 2000 12:58:50 -0700
Securityfocus is always a good place to start, though they're not always very good about flagging multi-vendor problems as affecting Tru64. I think ttdbserver had some problems. Try looking up patches OSFPAT00005200, OSFPAT00005700, OSFPAT00006500, OSFPAT00011800, SSRT0583U, and SSRT0588U for security information. My experience (at work and home) has been with 4.0b, so I'm not sure how it differs. And check http://www.sabernet.net/papers/Tru64.html for information on securing Tru64, which should also tell you which things are often overlooked. Scott
-----Original Message----- From: Gloede, Dave [mailto:dgloede () SUNTZU NET] Sent: Wednesday, August 23, 2000 10:13 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Tru64 security info? Hello all - I am currently on a penetration test against 3 Tru64 4.0F UNIX machines. Unfortunately, the only thing I know about the machines is which ports are open. The only information that I can find on Digital UNIX vulnerabilities is outdated (~1998/99). I'm new to Tru64/DEC UNIX realm, so if someone could point me to more current security/vulnerability/exploit resources, I would appreciate it. Thanks - /d David Gloede Information Security Engineer Sun Tzu Security, Ltd. 414.289.0966
Current thread:
- [PEN-TEST] Tru64 security info? Gloede, Dave (Aug 24)
- <Possible follow-ups>
- Re: [PEN-TEST] Tru64 security info? Miller Scott Contr 30CS/FTI (Aug 24)