Sun Cluster Vulnerabilities
Created 12/27/00
CVE-2001-0077
Impact
A remote attacker can access sensitive information about
the system running the cluster monitor service or about any
of the nodes in the cluster.
Background
The standard installation of Sun Cluster 2.x contains
a monitor service which runs on port 12000. The service
is intended for exchanging information between nodes in
the cluster through Sun Cluster's administrative tool,
hastat.
The Problem
The cluster monitor service does not perform any
authentication of remote users, so any remote user
can connect to the server and acquire sensitive information
about the system or the entire cluster. Examples of
the information that can be acquired are a listing of
cluster nodes, full paths to the start and stop methods,
names and current locations of logical hosts, and the
complete contents of /var/adm/messages.
Although none of this information leads to direct access
to the system, it can be used to plan a subsequent attack.
Resolution
Restrict access to the in.mond service using
TCP wrappers, so that only trusted hosts can access it.
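An added example, not part of the original advisory or of Sun's software: a constructed hosts.allow / hosts.deny pair that limits in.mond to two placeholder node addresses, with a small Python check that evaluates a simplified subset of the TCP wrappers rules (ALL, exact address, address prefix, net/mask) to confirm which clients are admitted. It assumes in.mond is launched through tcpd so the wrapper files apply; the addresses and function names are made up for illustration.

```python
import ipaddress

# Constructed sample policy (assumption): the two addresses stand in for the
# other cluster nodes; replace them with the real trusted hosts.
HOSTS_ALLOW = """\
# /etc/hosts.allow
in.mond: 192.0.2.11, 192.0.2.12
"""
HOSTS_DENY = """\
# /etc/hosts.deny
in.mond: ALL
"""

def parse(text):
    """Yield (daemons, clients) for each 'daemon_list : client_list' rule."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            yield (fields[0].replace(",", " ").split(),
                   fields[1].replace(",", " ").split())

def client_matches(pattern, addr):
    """Simplified IPv4-only subset of the hosts_access client patterns."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr         # exact address

def rule_hits(text, daemon, addr):
    """True if any rule in the file names the daemon and matches the client."""
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in parse(text)
    )

def allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """TCP wrappers order: allow file first, then deny file, else grant."""
    if rule_hits(allow, daemon, addr):
        return True
    return not rule_hits(deny, daemon, addr)
```

When no rule in either file matches, TCP wrappers grants access, so an allow list without the matching hosts.deny entry restricts nothing.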
Where can I read more about this?
This vulnerability was posted to Bugtraq.