re: COPS Warning message on AIX.4.1.5

Charles Macdonald (charles.macdonald@hrdc-drhc.gc.ca)
Thu, 5 Nov 98 8:05:53 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: jhawkin@visuallink.com: "Re: FAQ presence on web search engines"
Previous message: D'Souza, Austin: "COPS Warning message on AIX.4.1.5"
Maybe in reply to: D'Souza, Austin: "COPS Warning message on AIX.4.1.5"

A research chalenge so early in the morning! and just one hit on
Alta-Vista too! (and a trail of three sites to get the information)

if you look at http://www.cert.org/advisories/index.html
you will find a list of CERT advisories..

For example at
http://www.cert.org/advisories/CA-91.19.AIX.TFTP.Daemon.vulnerability.html
there is the CA 91-19 report on a posible hole in TFTPD on AIX.

Looking for the info on the cops program it seems that it checks your
system against the list of problems that CERT has found (just using file
dates) and so flags any files that should be checked.

Just for anyone who is not following, (8->) here is the key info I found
on my way to the above info....

<Snippet 1> COPS (The Computer Oracle and Password System)

COPS is a publicly available collection of programs that attempt to
identify security problems in a UNIX system. COPS does not attempt
to
correct any discrepancies found; it simply produces a report of its
findings. COPS is available by anonymous FTP from

info.cert.org:/pub/tools/cops
<snippet2>
..... dates of CERT advisories vs. key files. This checks the dates that
various bugs and security holes were reported by CERT against the
actual date on the file in question. A positive result doesn't
always mean that a bug was found, but it is a good indication that
you should look at the advisory and file for further clues. A
negative result, obviously, does not mean that your software has no
holes, merely that it has been modified in SOME way (perhaps merely
"touch"'ed) since the advisory was sent out.
<end of snippets>

Of course Austin, now that everyone knows that there is a posibility of a
hole in a system, you really should get the patches 8->>
-------------
Original Text
From: "D'Souza, Austin" <ADSouza@caiso.com>, on 98/11/04 04:40 PM:
To: INET["'FAQ-Maintainers@lists.consensus.com'"
<FAQ-Maintainers@lists.consensus.com>]

When I run the cops report everyday on my AIX 4.1.5 server , At the end of
the cops report I get the following warning.
Can any one help me in solving this problem.

The warning message is below:
Warning! /usr/lib/sendmail could have a hole/bug! (CA-88:01)
Warning! /bin/login could have a hole/bug! (CA-89:01)
Warning! /etc/ftpd could have a hole/bug! (CA-89:01)
Warning! /etc/fingerd could have a hole/bug! (CA-89:01)
Warning! /usr/ucb/rdist could have a hole/bug! (CA-91:20)
Warning! /etc/tftpd could have a hole/bug! (CA-91:19)

My email id is adsouza@caiso.com

Thanks
Austin D'souza

Next message: jhawkin@visuallink.com: "Re: FAQ presence on web search engines"
Previous message: D'Souza, Austin: "COPS Warning message on AIX.4.1.5"
Maybe in reply to: D'Souza, Austin: "COPS Warning message on AIX.4.1.5"

[ Usenet Hypertext FAQ Archive | Search Mail Archive | Authors | Usenet ]
[ 1993 | 1994 | 1995 | 1996 | 1997 ]