Bugtraq mailing list archives
Re: AIX 4.2 lquerylv
From: troy () AUSTIN IBM COM (Bollinger)
Date: Mon, 26 May 1997 16:26:31 -0500
-----BEGIN PGP SIGNED MESSAGE----- Georgi Guninski wrote:
There is a buffer overflow in /usr/sbin/lquerylv which spawns a root shell under AIX 4.2, probably 4.x,3.x. SOLUTION: #chmod -s /usr/sbin/lquerylv Tested on AIX 4.2 RS/6000 box.
This (and several other LVM related buffer overflows) are fixed in the following APARs: AIX 3.2 ======= APAR IX66230 (PTF U447739) AIX 4.1 ======= APAR IX66231 Fileset bos.rte.lvm should be 4.1.5.7 or later. AIX 4.2 ======= APAR IX66232 Fileset bos.rte.lvm should be 4.2.0.12 or later. A cumulative security APAR is also available from FixDist... AIX 3.2 ======= APAR IX67999 AIX 4.1 ======= APAR IX67997 AIX 4.2 ======= APAR IX67998 - -- +-------------- I do not speak for IBM! -----------------+ |Troy Bollinger | 92CBR600F2| |AIX Security Development | troy () austin ibm com| +----------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQCVAwUBM4oABwsPbaL1YgqvAQFw6wP/dwjyLm/7B9VHQ2NNFx0sEqgL/qKuQ0JB 97Hm+75KjjNg315SP5ZkB1dDKaWxH9rPKF4luSe8euLZS6EmXhwC+jmG0SI88FGQ 4Dn6hASOWy/Qtj0dmQIsl72tdQzWNKE4XE6ebtRAeFI12ddqhrwbR+XqtM1YsLo/ v6NXLQts/MY= =vTTe -----END PGP SIGNATURE-----
Current thread:
- Re: AIX 4.2 lquerylv Bollinger (May 26)
- <Possible follow-ups>
- Re: AIX 4.2 lquerylv Piotr Piatkowski (May 28)