Bugtraq mailing list archives
CDE: dtappgather on AIX
From: saper () SGH WAW PL (Marcin Cieslak)
Date: Sun, 25 Jan 1998 11:41:49 +0100
Yet another setuid bit turned on... What about other implementations of CDE?

--
<< Marcin Cieslak // saper () sgh waw pl >>

---------- Forwarded message ----------
Date: Fri, 23 Jan 1998 12:49:33 -0600
From: AIX Service Mail Server <aixserv () austin ibm com>
Subject: Security

This file contains summary information on AIX security alerts published by the Computer Emergency Response Team (CERT), and the IBM Emergency Response Team (ERS). The full text of these alerts can be obtained from this mail server by requesting the 'CERT' and 'ERS' files. This information (and more) is available from CERT and ERS directly on the world-wide web at the following URLs:

CERT: http://www.cert.org/
ERS: http://www.ers.ibm.com/

The fixes mentioned in this document, when available, will be available from FixDist. Information on obtaining and using FixDist is available by requesting the 'FixDist' document from this mail server, or at the following URL on the world-wide web:

http://service.software.ibm.com/aix.us/fixes

The 'Security_APARs' document on this mail server contains a list of security related APARs for which fixes are available as of April 1997.

===============================================================================
===============================================================================

CERT* Advisory CA-98.02
Original issue date: Jan. 21, 1998
Last revised: --
Topic: Vulnerabilities in CDE
-----------------------------------------------------------------------------

I. Description

There are several vulnerabilities in some implementations of the Common Desktop Environment (CDE). The root cause of these vulnerabilities is that the setuid root program "dtappgather" does not adequately check all information passed to it by users. By exploiting these vulnerabilities, an attacker can gain either unauthorized privileged access or cause a denial of service on the system.

II. Impact

Local users are able to gain write access to arbitrary files. This can be leveraged to gain privileged access. Local users may also be able to remove files from arbitrary directories, thus causing a denial of service.

III. Solution

The version of dtappgather shipped with AIX is vulnerable. The following fixes are in progress:

AIX 3.2: not vulnerable; CDE not shipped in 3.2
AIX 4.1: IX73436
AIX 4.2: IX73437
AIX 4.3: IX73438

An emergency fix is available at the following URL:

ftp://aix.software.ibm.com/aix/efixes/security/dtappgather.tar.Z

===============================================================================

[ .. older ERS announcements follow (routed etc.) ... ]