Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

buffer overflow vulnerability

From: alaine () AUSTIN IBM COM (Alaine)
Date: Mon, 23 Jun 1997 09:44:58 -0500

-----BEGIN PGP SIGNED MESSAGE-----


June 19 1997

I.  Description

A buffer overflow vulnerability exists in the AIX libDtSvc.a library
that can allow local users to become root.  There has been an exploit
posted to the Bugtraq mailing list.

UPDATE (June 19) --  The libDtSvc.a provided in the last patch
contained a bug that prevented users from logging in via the CDE
desktop.  A new efix is available that fixes this problem in addition
to several other buffer overflows.


II.  Fixes

IBM is currently working on the following APARs but they are not
available yet.

   Abstract                                 4.1 APAR        4.2 APAR
   ====================================================================
   SECURITY: buffer overflow in dtaction    IX69179         IX69180
   SECURITY: buffer overflow in writesrv    IX69168         IX69169
   SECURITY: buffer overflow in /bin/rcp    IX69170         IX69171


There is a temporary fix available via anonymous ftp:
  ftp://testcase.software.ibm.com/aix/fromibm/dtaction.security.tar.Z

To install these fixes see the appropriate release below:


AIX 4.1
=======

   Prerequisites:
      Use "lslpp -l <fileset>" to make sure that the version of
      filesets listed below is at the given level or greater.
      If not, install the appropriate APAR.

      Fileset            Level           APAR
      ===============================================
      bos.rte.libc       4.1.5.0         IX61019
      X11.Dt.lib         4.1.5.2         IX62230
      X11.base.lib       4.1.5.3         IX66868
      X11.motif.lib      4.1.5.2         IX67462
      X11.Dt.rte         4.1.5.8         IX68647
      bos.net.tcp.client 4.1.5.8         IX67591
      bos.rte.misc_cmds  4.1.5.2         IX67329

   Installation:
      Make a backup copy of the old files.  Copy the new files over the
      old ones and ensure that the permissions match the original
      permissions.  (Don't leave the old files with the setuid/setgid
      bits set.)

   Checksums:

      File                      sum           md5
      ======================================================================
      41_fixes/dtmail       39063  1053     d39790e7dccdb1081c1945d5230cb279
      41_fixes/dtsession    34203   136     81a6d69633c9648f920320e13e52b210
      41_fixes/libDtHelp.a  56845   951     b819b80ccae96a8a9cb790b3dd4a60af
      41_fixes/libDtSvc.a   59576   769     452f1a72a0885fa920a5777076ac9fdb
      41_fixes/libX11.a     55619   990     a71a6bf132b0093ed755b6a7179ad732
      41_fixes/libXm.a      61363  2600     f3065303e024680c76ad96c726c7d466
      41_fixes/rcp          29998    22     6a56d07fad2b06288e75fe5cd82420ef
      41_fixes/sbcs.im      50193     9     2a7f62852e50f3aae75fe7b6ee59e278
      41_fixes/writesrv     14480    16     2bb146b59912ba5845bb4c559a50e29a

AIX 4.2
=======

   Prerequisites:
      Use "lslpp -l <fileset>" to make sure that the version of
      filesets listed below is at the given level or greater.
      If not, install the appropriate APAR.

      Fileset            Level           APAR
      ===============================================
      bos.rte.libc       4.2.1.0         IX60895
      X11.Dt.lib         4.2.1.0         IX62473
      X11.base.lib       4.2.1.1         IX68707
      X11.motif.lib      4.2.1.0         IX65066
      X11.Dt.rte         4.2.1.1         IX68676
      bos.net.tcp.client 4.2.1.3         IX67137
      bos.rte.misc_cmds  4.2.1.0         IX65960
      X11.vsm.rte        4.2.1.2         IX68563

   Installation:
      Make a backup copy of the old files.  Copy the new files over the
      old ones and ensure that the permissions match the original
      permissions.  (Don't leave the old files with the setuid/setgid
      bits set.)

   Checksums:

      File                      sum           md5
      ======================================================================
      42_fixes/dtmail       35354  1056     75e23f276e0a07c2502b43acf5fb6f8c
      42_fixes/dtsession    52100   141     344ca9904249a33f8e93585858fc5234
      42_fixes/libDtHelp.a  10373   961     16ee8695f780071329b506b66b9b9e61
      42_fixes/libDtSvc.a   29662   822     c695cf9be044bb7a4efaed32dee2b157
      42_fixes/libX11.a     09839   991     0759e863f24afe4b3fced582232686f8
      42_fixes/libXm.a      18494  2613     5d20a65dc15fdd0c5b9e91adef4cc260
      42_fixes/rcp          61895    22     a55d08f4511c466fbd9e76f356e8a501
      42_fixes/sbcs.im      56511    10     0e1cb7e3f82b7bd5cb4b71796db3d42e
      42_fixes/writesrv     27208    16     514c7419d297a096847776e1ee2d0604
      42_fixes/xpasswd      38549    10     9cbe3664de73b58f12286fbd11a2b3ad



III.  Contact Information

To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to security-alert () austin ibm com
with a subject of "get key".

If you would like to subscribe to the AIX security newsletter, send a
note to aixserv () austin ibm com with a subject of "subscribe Security".
To cancel your subscription, use a subject of "unsubscribe Security".
To see a list of other available subscriptions, use a subject of
"help".

IBM and AIX are registered trademarks of International Business
Machines Corporation.

- --
+--------------  I do not speak for IBM!  -----------------+
|Troy Bollinger             |                    92CBR600F2|
|AIX Security Development   |           troy () austin ibm com|
+----------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBM6rsLQsPbaL1YgqvAQEXZwQAhMayJGulee2S+9GVXS5kdc9M1/ghJCYn
EcHYdGmdK4Sy10H2WFtZ0JMUeTJobYmLOwltLTkTLUsbMnX7ih8pylywywDEo2HU
TtSlJ+PxiEsDpOx1hmYi2E6Nj3wfqyB8tlsBUuWvpwdca6FgmLj2ul/nShTXRaCD
fKgqGsn7SQM=
=Bhlb
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: