OS-SCO-Security
On SCO OpenServer 5.0.7 security...
- See Also
- OS-SCO
Audits
As a result of a SCO OpenServer 5.0.7 user's security audit in 2012, the following mitigations were advised:
- /etc/inetd.conf was edited to comment out:
  - rshd, rlogind, rexecd, fingerd, popper, imapd, smtpd
- The following commands were disabled by rename:
  - mv /usr/bin/php /usr/bin/php.sav
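One way to verify that the inetd.conf mitigation above is still in place, as an added example that is not part of the original page. The daemon list is the one from the audit; the function names and the sample file contents are constructed for illustration and assume the usual seven-field inetd.conf layout.

```shell
#!/bin/sh
# Added example: report inetd.conf entries that still launch a daemon the
# audit said to comment out. Daemon names are taken from the page.
AUDIT_DAEMONS="rshd rlogind rexecd fingerd popper imapd smtpd"

# enabled_audited_daemons FILE
# Prints "<daemon> <line-number>" for every active (uncommented) entry whose
# server program (field 6) or argv[0] (field 7) is one of AUDIT_DAEMONS.
# Field 7 is checked so that entries started through a wrapper are caught.
enabled_audited_daemons() {
    awk -v list="$AUDIT_DAEMONS" '
        BEGIN { n = split(list, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }      # skip comments and short lines
        {
            for (f = 6; f <= 7 && f <= NF; f++) {
                name = $f
                sub(/^.*\//, "", name)      # reduce a path to its basename
                if (name in want) { print name, NR; break }
            }
        }
    ' "$1"
}

# Constructed sample file (hypothetical paths, not copied from a real system).
write_sample_conf() {
    cat > "$1" <<'EOF'
#shell  stream tcp nowait root /etc/rshd    rshd
login   stream tcp nowait root /etc/rlogind rlogind
ftp     stream tcp nowait root /etc/ftpd    ftpd -a
pop3    stream tcp nowait root /etc/tcpd    popper
# finger stream tcp nowait nobody /etc/fingerd fingerd
EOF
}
```

Calling enabled_audited_daemons /etc/inetd.conf on the audited host should print nothing; any output names a daemon that has been re-enabled and the line it is on.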
curl
Curl, libcurl, and PHP-CURL, as supplied on OpenServer 5.0.7, do not support TLS 1.2 and have many known vulnerabilities.
- Versions through 7.53.1 build on SCO OpenServer 5.0.7 via the GNU toolchain.
- Current versions of curl dependencies (zlib and openssl) can be built.
- curl/libcurl between 7.53.1 and 7.60.0 (inclusive) can build with a minor patch.
- curl/libcurl 7.61.0 and above contain the patch needed to build with the SCO-provided GNU tool chain.
openssh
The ssh client provided by SCO OpenServer 5.0.7 does not support key exchange algorithms needed by modern systems.
- It is possible to build a current version of OpenSSH for SCO OpenServer 5.0.7.
openssl
OpenSSL as supplied by SCO OpenServer 5.0.7 does not support TLS 1.2.
- It is possible to build a current version of OpenSSL for SCO OpenServer 5.0.7.
sudo
It is possible to build a newer (~2010) revision of sudo (1.6.9p23) for SCO OpenServer 5.0.7.
- Newer 1.7.x and 1.8.x series present various build challenges not yet overcome by this author.