Bugtraq mailing list archives

snap utility for AIX.

From: lwcashd () TROUT BIW COM (Larry W. Cashdollar)
Date: Wed, 17 Feb 1999 10:17:08 -0500


My friend actually brought this to my attention, the snap command is a diagnostic utlitiy for gathering system 
information on AIX platforms.
It can only be executed by root, but it copies various system files into
/tmp/ibmsupt/
under /tmp/ibmsupt/general/ you will find the passwd file with cyphertext. The
danger here is if a system administrator executes snap -a as sometimes requested
by IBM support  while diagnosing a problem it defeats password shadowing.  I
would think that snap would create the directory 700 root:root.


-- Larry

Current thread:

Re: [proftpd-l] root compromise ? (fwd) Rodrigo Campos (Feb 09)
- Re: [proftpd-l] root compromise ? (fwd) Joe Schmo (Feb 12)
  - Re: [proftpd-l] root compromise ? (fwd) monk (Feb 13)
  - Re: [proftpd-l] root compromise ? (fwd) Dirk Moerenhout (Feb 13)
    - Possible Netscape Crypto Security Flaw Haze (Feb 14)
    - Re: Possible Netscape Crypto Security Flaw Pete Krawczyk (Feb 16)
    - snap utility for AIX. Larry W. Cashdollar (Feb 17)
    - Re: snap utility for AIX. Brian Hauber (Feb 18)
    - mSQL vulnerability. Christofer C. Bell (Feb 17)
    - OT: Copyright on Security advisories Aviram Jenik (Feb 18)
    - Re: OT: Copyright on Security advisories Doug Granzow (Feb 19)
    - Re: mSQL vulnerability. John W. Temples (Feb 18)
    - Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
    - Regarding passwords in registry keys. Ash (Feb 19)
    - Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)
  - ICQ99 crash loser (Feb 14)
    - Re: ICQ99 crash Eric J. Stevens (Feb 15)

(Thread continues...)