Re: [PEN-TEST] Tru64 security info?

[Miller Scott Contr 30CS/FTI <Scott.Miller () VANDENBERG AF MIL>]

Securityfocus is always a good place to start, though they're not always
very good about flagging multi-vendor problems as affecting Tru64.  I think
ttdbserver had some problems.  Try looking up patches OSFPAT00005200,
OSFPAT00005700, OSFPAT00006500, OSFPAT00011800, SSRT0583U, and SSRT0588U for
security information.  My experience (at work and home) has been with 4.0b,
so I'm not sure how it differs.  And check
http://www.sabernet.net/papers/Tru64.html for information on securing Tru64,
which should also tell you which things are often overlooked.

Scott

> -----Original Message-----
> From: Gloede, Dave [mailto:dgloede () SUNTZU NET]
> Sent: Wednesday, August 23, 2000 10:13 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Tru64 security info?
>
>
> Hello all -
>
> I am currently on a penetration test against 3 Tru64 4.0F
> UNIX machines.
> Unfortunately, the only thing I know about the machines is
> which ports are
> open.  The only information that I can find on Digital UNIX
> vulnerabilities
> is outdated (~1998/99).  I'm new to Tru64/DEC UNIX realm, so
> if someone
> could point me to more current security/vulnerability/exploit
> resources, I
> would appreciate it.
>
> Thanks -
>
>       /d
>
> David Gloede
> Information Security Engineer
> Sun Tzu Security, Ltd.
> 414.289.0966