Bugtraq mailing list archives
buffer overflow vulnerability
From: alaine () AUSTIN IBM COM (Alaine)
Date: Mon, 23 Jun 1997 09:44:58 -0500
-----BEGIN PGP SIGNED MESSAGE----- June 19 1997 I. Description A buffer overflow vulnerability exists in the AIX libDtSvc.a library that can allow local users to become root. There has been an exploit posted to the Bugtraq mailing list. UPDATE (June 19) -- The libDtSvc.a provided in the last patch contained a bug that prevented users from logging in via the CDE desktop. A new efix is available that fixes this problem in addition to several other buffer overflows. II. Fixes IBM is currently working on the following APARs but they are not available yet. Abstract 4.1 APAR 4.2 APAR ==================================================================== SECURITY: buffer overflow in dtaction IX69179 IX69180 SECURITY: buffer overflow in writesrv IX69168 IX69169 SECURITY: buffer overflow in /bin/rcp IX69170 IX69171 There is a temporary fix available via anonymous ftp: ftp://testcase.software.ibm.com/aix/fromibm/dtaction.security.tar.Z To install these fixes see the appropriate release below: AIX 4.1 ======= Prerequisites: Use "lslpp -l <fileset>" to make sure that the version of filesets listed below is at the given level or greater. If not, install the appropriate APAR. Fileset Level APAR =============================================== bos.rte.libc 4.1.5.0 IX61019 X11.Dt.lib 4.1.5.2 IX62230 X11.base.lib 4.1.5.3 IX66868 X11.motif.lib 4.1.5.2 IX67462 X11.Dt.rte 4.1.5.8 IX68647 bos.net.tcp.client 4.1.5.8 IX67591 bos.rte.misc_cmds 4.1.5.2 IX67329 Installation: Make a backup copy of the old files. Copy the new files over the old ones and ensure that the permissions match the original permissions. (Don't leave the old files with the setuid/setgid bits set.) Checksums: File sum md5 ====================================================================== 41_fixes/dtmail 39063 1053 d39790e7dccdb1081c1945d5230cb279 41_fixes/dtsession 34203 136 81a6d69633c9648f920320e13e52b210 41_fixes/libDtHelp.a 56845 951 b819b80ccae96a8a9cb790b3dd4a60af 41_fixes/libDtSvc.a 59576 769 452f1a72a0885fa920a5777076ac9fdb 41_fixes/libX11.a 55619 990 a71a6bf132b0093ed755b6a7179ad732 41_fixes/libXm.a 61363 2600 f3065303e024680c76ad96c726c7d466 41_fixes/rcp 29998 22 6a56d07fad2b06288e75fe5cd82420ef 41_fixes/sbcs.im 50193 9 2a7f62852e50f3aae75fe7b6ee59e278 41_fixes/writesrv 14480 16 2bb146b59912ba5845bb4c559a50e29a AIX 4.2 ======= Prerequisites: Use "lslpp -l <fileset>" to make sure that the version of filesets listed below is at the given level or greater. If not, install the appropriate APAR. Fileset Level APAR =============================================== bos.rte.libc 4.2.1.0 IX60895 X11.Dt.lib 4.2.1.0 IX62473 X11.base.lib 4.2.1.1 IX68707 X11.motif.lib 4.2.1.0 IX65066 X11.Dt.rte 4.2.1.1 IX68676 bos.net.tcp.client 4.2.1.3 IX67137 bos.rte.misc_cmds 4.2.1.0 IX65960 X11.vsm.rte 4.2.1.2 IX68563 Installation: Make a backup copy of the old files. Copy the new files over the old ones and ensure that the permissions match the original permissions. (Don't leave the old files with the setuid/setgid bits set.) Checksums: File sum md5 ====================================================================== 42_fixes/dtmail 35354 1056 75e23f276e0a07c2502b43acf5fb6f8c 42_fixes/dtsession 52100 141 344ca9904249a33f8e93585858fc5234 42_fixes/libDtHelp.a 10373 961 16ee8695f780071329b506b66b9b9e61 42_fixes/libDtSvc.a 29662 822 c695cf9be044bb7a4efaed32dee2b157 42_fixes/libX11.a 09839 991 0759e863f24afe4b3fced582232686f8 42_fixes/libXm.a 18494 2613 5d20a65dc15fdd0c5b9e91adef4cc260 42_fixes/rcp 61895 22 a55d08f4511c466fbd9e76f356e8a501 42_fixes/sbcs.im 56511 10 0e1cb7e3f82b7bd5cb4b71796db3d42e 42_fixes/writesrv 27208 16 514c7419d297a096847776e1ee2d0604 42_fixes/xpasswd 38549 10 9cbe3664de73b58f12286fbd11a2b3ad III. Contact Information To request the PGP public key that can be used to encrypt new AIX security vulnerabilities, send email to security-alert () austin ibm com with a subject of "get key". If you would like to subscribe to the AIX security newsletter, send a note to aixserv () austin ibm com with a subject of "subscribe Security". To cancel your subscription, use a subject of "unsubscribe Security". To see a list of other available subscriptions, use a subject of "help". IBM and AIX are registered trademarks of International Business Machines Corporation. - -- +-------------- I do not speak for IBM! -----------------+ |Troy Bollinger | 92CBR600F2| |AIX Security Development | troy () austin ibm com| +----------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQCVAwUBM6rsLQsPbaL1YgqvAQEXZwQAhMayJGulee2S+9GVXS5kdc9M1/ghJCYn EcHYdGmdK4Sy10H2WFtZ0JMUeTJobYmLOwltLTkTLUsbMnX7ih8pylywywDEo2HU TtSlJ+PxiEsDpOx1hmYi2E6Nj3wfqyB8tlsBUuWvpwdca6FgmLj2ul/nShTXRaCD fKgqGsn7SQM= =Bhlb -----END PGP SIGNATURE-----
Current thread:
- buffer overflow vulnerability Alaine (Jun 23)