CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Secure Computing Corporation Information for VU#745371

Date Notified
Date Modified04/20/2002 06:17:45 PM
Status SummaryNot Vulnerable

Vendor Statement

The telnetd vulnerability referenced is not applicable to Sidewinder as a result of disciplined security software design practices in combination with Secure Computing's patented Type Enforcement(tm) technology. Sidewinder's telnetd services are greatly restricted due to both known and theoretical vulnerabilities. This least privilege design renders the attack described in the CERT-2001-21 Advisory useless. In addition, Sidewinder's operating system, SecureOS(tm), built on Secure's Type Enforcement technology, has further defenses against this attack that would trigger multiple security violations.

Specifically, the attack first attempts to start a shell process. Sidewinder's embedded Type Enforcement security rules prevent telnetd from replicating itself and accessing the system shell programs. Even without this embedded, tamper proof rule in place, other Type Enforcement rules also defend against this attack. As an example, the new shell would need administrative privileges and those privileges are not available to the telnetd services.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2012 Carnegie Mellon University