Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

AIX Fix Info: NLS environment variables

From: troy () AUSTIN IBM COM (Bollinger)
Date: Thu, 3 Apr 1997 17:29:44 -0600

-----BEGIN PGP SIGNED MESSAGE-----


Thu Apr  3 23:28:12 GMT 1997
===============================================================================
                             VULNERABILITY  SUMMARY

VULNERABILITY:  Buffer overflows in NLS environment variables

PLATFORMS:      IBM AIX(r) 3.2.x, 4.1.x, 4.2.x

SOLUTION:       Apply the fixes described below.

THREAT:         If exploited, this condition may permit unauthorized
                super-user access to the system

===============================================================================


I. Description

There are buffer overflows in the way that AIX handles certain
NLS environment variables.


II.  Impact

Unprivileged users may gain root access.  An exploit has been published
detailing this vulnerability.


III.  Fixes

AIX 3.2.5
=========

    Apply the following fix to your system:

    PTFs - U447656 U447671 U447676 U447682 U447705 U447723  (APAR IX67405)

    To determine if you have these PTFs on your system, run the following
    command:

       lslpp -lB U447656 U447671 U447676 U447682 U447705 U447723

AIX 4.1
=======

    Apply the following fix to your system:

        APAR - IX67407

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX67407

    Or run the following command:

       lslpp -h bos.rte.libc

    Your version of bos.rte.libc should be 4.1.5.7 or later.

AIX 4.2
=======

    Apply the following fix to your system:

        APAR - IX67377

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX67377

    Or run the following command:

       lslpp -h bos.rte.libc

    Your version of bos.rte.libc should be 4.2.0.11 or later.


Temporary Fixes
===============
    A temporary patch is available via anonymous ftp from:

    ftp://testcase.software.ibm.com/aix/fromibm/README.NLS_security_fix
    ftp://testcase.software.ibm.com/aix/fromibm/NLS_security_fix.42.tar
    ftp://testcase.software.ibm.com/aix/fromibm/NLS_security_fix.41.tar
    ftp://testcase.software.ibm.com/aix/fromibm/NLS_security_fix.32.tar

    MD5 checksums:

    MD5 (NLS_security_fix.32.tar) = 8382b9907e1c52ba01bb0d54a6398e09
    MD5 (NLS_security_fix.41.tar) = 2935f43ebd86e8c64bfae3a533f152f7
    MD5 (NLS_security_fix.42.tar) = e3c26df51d27701d5784225da945de8e


IV. Acknowledgements

Thanks to the FreeBSD team for bringing this problem to our attention
and to Georgi Guninski for (almost ;-) waiting until the fix was released.


- --
+----------------  I do not speak for IBM!  ------------------+
|Troy Bollinger             |      email:  troy () austin ibm com|
|AIX Security Development   | Sometimes the old ways are best.|
+-------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBM0Q9ZwsPbaL1YgqvAQHNTgQAh+bvElgbZgbVvCJv5PnKb4dyTlXw2Aam
aGGJfkpsojstXNYlFEXVxlTIv5BgCt9dFBmTuFmZCLkoF0PIVpDYqfxmJjCwQ/4A
6g2N9uHePylnDx7xu2TyP3wQpAywqpCzMG7Yq+wxqgWw7aGXNgELV0WApk1jxXqA
U5XLM3kQ4qc=
=3BN1
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: