The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V2 #5 1990-01-31 (1 file, 3173 bytes)
NOTICE: recognises the rights of all third-party works.


Date: Wed, 31 Jan 90 23:23:25 PST
Subject: Security Digest V2 #5

Security Digest Volume 2 Issue 5


            Sun Sendmail Vulnerability
            Book Announcement


Date: Mon, 29 Jan 90 16:47:21 EST
From: Kenneth R. van Wyk <uunet!SEI.CMU.EDU!krvw>
Subject: Sun Sendmail Vulnerability

[ This was explained in detail in volume 1, issue 34 of the security
digest dated 26-sep-89.  Now that the patent and some other stuff is
out of the way, I *promise* that I will set up the automated archive
service real soon now. - neil ]

                            CERT Advisory
                           29 January 1990
                      Sun Sendmail Vulnerability

The Computer Emergency Response Team Coordination Center (CERT/CC) has
learned of, and has verified, break-ins on several Internet systems
in which the intruders have exploited a vulnerability in the Sun
sendmail program.  This vulnerability exists in all versions of
SunOS up to and including the current version, 4.0.3 on Sun 3, Sun 4,
and Sun 386i systems (note that 4.0.2 is the most current version of
SunOS on the 386i machines). That is, all current Sun systems.

The vulnerability has previously been reported to Sun and a solution
to this problem (Sun bug # 1028173) is available via a new version of
sendmail supplied by Sun.  The new sendmail is available directly from
the Sun Answer Center (1-800-USA-4SUN).  Sun 3 and Sun 4 sendmail
binaries are also available via anonymous FTP from in the
/sun-fixes directory.

This incident underscores the need for system administrators to
maintain an awareness of the steps their vendors are taking to
improve the security aspects of their products, and to seriously
consider upgrading system configurations when solutions to security
problems are made available.

Administrators of Sun systems are urged to contact Sun for the new
version of the sendmail program.  Administrators of machines other
than Suns are urged to contact their vendors to verify that they are
running the latest version of sendmail, since there may have been
security related fixes to it in the past year.

If you need further information on this problem, contact your Sun
representative or CERT/CC.  CERT/CC can be contacted by telephone at
(412) 268-7090 (24 hours) or email to [email protected] (monitored

Our thanks to Matt Bishop and Wayne Cripps for their efforts in
analyzing and investigating this problem and its solution.


Date: Mon, 29 Jan 90 10:59:36 EST
From: Gene Spafford <uunet!!spaf>
Subject: Book Announcement

[ Gene Spafford sent this to me with a question about whether it is
appropriate material for the security list.  I would not normally put
book announcements in, but in this case I will gladly make an
exception. - neil ]

"Computer Viruses: Dealing with Electronic Vandalism and Programmed
Threats" by Eugene Spafford, Kathleen Heaphy, and David Ferbrache.
1989, 109 pages.  Published by ADAPSO.

The book has been written to be an accessible resource guide for
computer users and managers (PC and mainframe).  It presents a
high-level discussion of computer viruses, explaining how they work,
who writes them, and what they do.  It is not intended to serve as a
technical reference on viruses, both because the audience for such a
work would be limited, and because such a reference might serve to aid
potential virus authors.

The goal of the book is to dispell some common myths about viruses
(and worms, trojan horses, et. al.), and provide simple, effective
suggestions for how to protect computer systems against these threats.
It furthermore stresses that most systems face greater threats from
other areas, so the proper attitude to take is to strengthen overall
security; concrete suggestions for enhancing overall security are also

The appendices provide extensive references to other publications,
security organizations, anti-viral software sources, applicable (U.S.)
state and Federal laws against computer crime, and detailed
descriptions of all IBM and Apple Macintosh viruses known as of 1
October 1989.

Although written for ADAPSO members, almost any computer user should
find it instructive.  The appendices are an excellent source of
further information, addresses and phone numbers, and pointers to
software.  At least one university professor has indicated he will use
the book in a security course, and some law enforcement agencies are
also considering using the book for instructional purposes.

The authors are interested in comments and feedback about the book,
especially in areas where information might be added.  You can contact
them by sending mail to "[email protected]"

Table of Contents:
  Executive Summary
  Programmed Threats
  What is a Computer Virus?
    A History Lesson
    Formal Structure
    How do viruses spread?
    The three stages of a virus's life
    Replication strategies
    Recognizing a viral infection
  Dealing with Viruses
    Detection of a viral infection
    A definition of security
    Security as a goal
    Risk assessment
    Some General Approaches
  Legal Issues
    Criminal laws
    Civil suits
  Further Information on Viruses
    Characteristic lengths
    Names of Known Viruses
    Known IBM PC viruses by Characteristics
    Known Apple Macintosh Viruses
    Characteristic resources for Mac viruses
  Information on Anti-Viral Software
    Selected reviews of Anti-viral Software
    Easily obtained software
    Internet Archives
    Other Places to Look
  Further Information on Legal Aspects of Viruses
    Federal Laws
    State Laws
    Other Sources of Information
  Further Reading and Resources
    Organizations and Associations
    Government Agencies
    Journals and Newsletters
    Other Readings

A copy can be ordered from
        1300 North Seventeenth St.
        Suite 300
        Arlington, VA 22209  USA
        Attn: Mr. John Gracza

Single copies are $30.  Copies ordered on university stationery or on
stationery of ADAPSO member companies is only $20, and $16 for the
second and subsequent copies.

Requests for review copies or special considerations should be
addressed directly to John Gracza.  Copies have been given away to
ADAPSO member companies, and various state and Federal law enforcement
agencies, so check with others in your organization to see if a copy
isn't already available for review.

Overseas orders will be shipped surface mail.  Overseas orders that
are to be shipped air mail should include an additional $10 for

All payment should be in US dollars, no cash or stamps.


        End of Security Digest Volume 2 Issue 5