Bugtraq mailing list archives
Alert: AIX Security (Batch Queue) (fwd)
From: adam () bwh harvard edu (Adam Shostack)
Date: Thu, 2 Jun 94 12:23:00 EDT
(I have no further information on this)
Subject: Alert: AIX Security (Batch Queue)
{URGENT - AIX BATCH QUEUE SECURITY EXPOSURE}
June 2, 1994
IBM has become aware of a potential AIX security exposure
with the batch queue that makes it possible for users on
AIX Version 3 systems to gain unauthorized root access.
Exploitation of this exposure would require the user to
have extensive knowledge of the batch queue system and
to perform a complex series of specific steps, making
inadvertent access unlikely. However, it is recommended
that you alert your customers to the potential so they
can take the appropriate actions to secure their systems.
Descriptions of the problem and the recommended actions
are being communicated by AIX Support via CERT advisory
(an information service of Carnegie Mellon University's
Software Engineering Institute) and internal IBM M&S SPOC
(Single Point Of Contact) notifications.
While all AIX releases undergo rigorous testing, security
exposures are recognized by the industry as very difficult
to identify. IBM hopes its efforts to respond rapidly to
this problem will allow customers to eliminate this security
exposure with minimal disruption.
{IMMEDIATE WORKAROUND:}
As described below, a workaround is immediately available
which eliminates the security exposure by disabling the
batch queue (the queue named "bsh"), using either of the
following procedures:
- As root, from the command line enter:
      chque -q bsh -a "up = FALSE"
  (The double quotes are required so that the shell passes
  up = FALSE to chque as a single attribute argument.)
- From SMIT, select:
      Spooler
        -> Manage Local Printer Subsystem
          -> Change/Show Characteristics of a Queue
             (select the queue "bsh")
            -> Activate the Queue
               (select "no")
{EMERGENCY FIX}
Emergency Fixes for the different levels of AIX affected
by this exposure are also available immediately to rectify
the AIX problem so that the batch queue can be enabled
with no security exposure. These fixes can be obtained
via anonymous ftp from software.watson.ibm.com. The file
is /pub/aix/bshfix.tar.Z, a compressed tar archive.
{OFFICIAL FIX}
An APAR has been opened and an official PTF will be
made available in approximately two weeks for installed
AIX systems and will be included in future AIX shipments.
The official fix for this problem can be ordered as
Authorized Program Analysis Report (APAR) IX44381.
To order an APAR from IBM in the U.S. call 1-800-237-5511
and ask for shipment as soon as it is available. APARs may
be obtained outside the U.S. by contacting a local IBM
representative.
Frank Karner, Phone: 512-823-5950 (TL/793),
Internet: karner () austin vnet ibm com
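The following is an added example and is not part of IBM's alert or of the Bugtraq archive. It shows how an administrator could verify that the workaround above actually took effect: a POSIX shell function that parses the queue stanza for "bsh" (as printed by "lsque -q bsh", or as it appears in /etc/qconfig) and reports whether the queue is still up, plus a wrapper that runs the chque workaround only when needed. The stanza layout (a "name:" header line followed by indented "attribute = value" lines), the constructed sample qconfig text, and the CHQUE override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM's code): check the state of the AIX "bsh"
# batch queue and apply the chque workaround from the alert if it is up.
#
# Assumed stanza format (as in /etc/qconfig and "lsque -q bsh" output):
#     bsh:
#             device = bshdev
#             up = TRUE
# Any "name:" at column 0 starts a new stanza.

# bsh_queue_state [QUEUE]  reads qconfig-format text from stdin and
# prints "up", "down" or "absent" for the named queue (default: bsh).
bsh_queue_state() {
    awk -v q="${1:-bsh}" '
        # A stanza header is a bare name followed by a colon at column 0.
        /^[^ \t]+:/ { in_q = ($1 == (q ":")) }
        # Inside the wanted stanza, pick up the "up = ..." attribute value.
        in_q && /^[ \t]*up[ \t]*=/ {
            v = $0
            sub(/^[ \t]*up[ \t]*=[ \t]*/, "", v)
            sub(/[ \t]*$/, "", v)
            state = toupper(v)
        }
        END {
            if (state == "")          print "absent"
            else if (state == "TRUE") print "up"
            else                      print "down"
        }'
}

# disable_bsh_queue_if_up  reads the stanza text from stdin and, only if
# the queue is up, runs the alert's workaround command. CHQUE may be
# overridden (for example with a stub function) to dry-run on a non-AIX host;
# on a real system leave it unset so the real chque is used.
disable_bsh_queue_if_up() {
    state=$(bsh_queue_state bsh)
    if [ "$state" = "up" ]; then
        "${CHQUE:-chque}" -q bsh -a "up = FALSE"
    else
        echo "bsh queue already $state; nothing to do"
    fi
}

# Constructed sample of the relevant /etc/qconfig stanzas (not taken from
# a real host); the bsh queue is still enabled here.
SAMPLE_QCONFIG='lp0:
        device = lp0
        up = TRUE
bsh:
        device = bshdev
        up = TRUE
        discipline = fcfs
bshdev:
        backend = /usr/bin/bsh
'

# On a live AIX host the check would be run as:
#     lsque -q bsh | disable_bsh_queue_if_up
# Here it is demonstrated against the constructed sample with a dry-run stub.
if [ "${1:-}" = "demo" ]; then
    stub_chque() { echo "would run: chque $*"; }
    printf '%s' "$SAMPLE_QCONFIG" | CHQUE=stub_chque disable_bsh_queue_if_up
fi
```

After running the real chque command, "lsque -q bsh" should show "up = FALSE" in the bsh stanza; re-running the check against that output prints "down". Note that the function keys only on the stanza name, so a queue renamed from bsh would need the name passed explicitly.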