Vulnerability

    Cyberguard

Affected

    Cyberguard FW

Description

    'phzy' found the following. Not an extremely huge issue.
    Cyberguard claims that their FW software runs atop 'hardened'
    versions of SCO/Unixware (comes bundled w/ the FW package).
    However, on a default installation of the latest version of the
    Cyberguard FW on SCO, there are a number of silly permissions on
    various critical files/directories:

        drw-rw-rw-  /etc/security/firewall/cm
        drw-rw-rw-  /etc/security/firewall/cm-defaults
        -rw-rw-rw-  /etc/.device.tab.lock
        drwxrwxrw-  /etc/conf/pack.d/ktrc
        -rw-rw-rw-  /etc/iaf/cr1/.kmpipe
        -rw-rw-rw-  /etc/scsi/dtab.out
        -rw-rw-rw-  /etc/wsinit.err
        -rw-rw-rw-  /usr/X/lib/fs/fs-errors
        -rwxrwxrwx  /usr/X/desktop/Help_Desk
        -rw-rw-rw-  /var/adm/log/routes
        -rw-rw-rw-  /var/adm/log/qhap.log
        -rw-rw-rw-  /var/adm/sa/*
        -rw-rw-rw-  /var/adm/spellhist
        -rw-rw-rw-  /var/adm/unixtsa.log
        drwxrwxrwx  /var/sadm/dist
        drwxrwxrwx  /var/content/*
        -rw-rw-rw-  /var/audit/1018_list
        -rw-rw-rw-  /dev/X/xfont.7000
        -rw-rw-rw-  /tmp/.scopty
        -rw-rw-rw-  /opt/QUALha/dev/ifs/*

    Of course, the obvious symlink/race conditions apply with the
    temp files listed above.

Solution

    When Cyberguard was notified that their 'hardened' OS is not quite
    as 'hardened' as originally thought, they stated that we would be
    performing the configuration changes at our own risk and that they
    would discontinue our support due to our 'custom', 'uncertified'
    FW installation. However, they would gladly send out a consultant
    at a cost of $15,000 to audit and certify our 'custom'
    configuration.

    When all of these were accessed as an unprivileged user, the files
    could not be read or written, except for the last item. However,
    complete reliance upon any one aspect of an operating system is a
    recipe for disaster.
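An added example, not part of the original advisory or any vendor tooling: a POSIX shell function an administrator could use to produce this kind of listing on their own install. It reports regular files writable by "other" and world-writable directories that lack the sticky bit (the case where the symlink/race concern applies); the function name and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only permission audit, changes nothing on disk.
# Usage: audit_world_writable /etc /var /usr /opt /dev /tmp
# Output: one "<kind> <path>" line per finding, where <kind> is
#   file          regular file with the other-write bit set
#   dir-nosticky  world-writable directory without the sticky bit,
#                 so any user can rename or replace entries in it

audit_world_writable() {
    for root in "$@"; do
        # Skip roots that do not exist on this system.
        [ -e "$root" ] || continue

        # -perm -0002 matches when at least the other-write bit is set.
        # -xdev keeps the scan on the starting filesystem.
        find "$root" -xdev -type f -perm -0002 -print 2>/dev/null |
            sed 's|^|file |'

        # A sticky world-writable directory (mode 1777, like a normal
        # /tmp) is excluded: users there cannot remove each other's
        # files. Without the sticky bit they can.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
            sed 's|^|dir-nosticky |'
    done
}

# Count findings for the given roots, e.g. for a periodic check that
# alerts when the number rises after a patch or reinstall.
count_world_writable() {
    audit_world_writable "$@" | grep -c . || true
}
```

Paths containing newlines are not handled; run it as root so unreadable subtrees are not silently skipped.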