Sun Cluster Vulnerabilities

Created 12/27/00
CVE-2001-0077

Impact

A remote attacker can access sensitive information about the system running the cluster monitor service or about any of the nodes in the cluster.

Background

The standard installation of Sun Cluster 2.x contains a monitor service which runs on port 12000. The service is intended to be used between nodes in the cluster using Sun Cluster's administrative tool, hastat, for exchanging information.

The Problem

The Cluster monitor service does not perform any authentication of remote users, so any remote user can connect to the server and acquire sensitive information about the system or the entire cluster. Examples of the information that can be acquired are a listing of cluster nodes, full paths to the start and stop methods, names and current locations of logical hosts, and the complete contents of /var/adm/messages. Although none of this information leads to direct access to the system, it can be used to plan a subsequent attack.

Resolution

Restrict access to the monitor service (in.mond) using TCP wrappers, so that only trusted hosts can connect to it.
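
A TCP wrappers policy for in.mond can be checked before it is relied on. The following is an added example, not part of the original advisory or of Sun's tooling: it evaluates hosts.allow and hosts.deny text for the in.mond daemon using a subset of the hosts_access(5) rules (ALL, exact address, trailing-dot prefix, net/mask). It assumes the service is actually started through tcpd; the 192.168.10.x cluster network and the sample policy are constructed.

```python
import ipaddress

def _client_matches(pattern, ip):
    """Match one client pattern (subset of hosts_access(5)) against an IPv4 string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # prefix form, e.g. "192.168.10."
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask form, e.g. 192.168.10.0/255.255.255.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False                 # malformed pattern never matches
    return pattern == ip                 # exact address

def _rule_matches(text, daemon, ip):
    """True if any 'daemons : clients' line in text matches (daemon, ip)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if (daemon in daemon_list or "ALL" in daemon_list) and \
                any(_client_matches(p, ip) for p in client_list):
            return True
    return False

def is_allowed(hosts_allow, hosts_deny, daemon, ip):
    """hosts_access order: an allow match grants, else a deny match refuses, else grant."""
    if _rule_matches(hosts_allow, daemon, ip):
        return True
    if _rule_matches(hosts_deny, daemon, ip):
        return False
    return True                          # no matching rule at all: access is open

# Constructed sample policy: only the cluster network may reach in.mond.
HOSTS_ALLOW = "# cluster nodes\nin.mond : 192.168.10.\n"
HOSTS_DENY = "in.mond : ALL\n"

if __name__ == "__main__":
    for ip in ("192.168.10.5", "203.0.113.9"):
        verdict = "allowed" if is_allowed(HOSTS_ALLOW, HOSTS_DENY, "in.mond", ip) else "denied"
        print(f"in.mond from {ip}: {verdict}")
```

With both files empty the function returns True for every address, which is the unrestricted state the advisory describes.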

Where can I read more about this?

This vulnerability was posted to Bugtraq.