Bugtraq mailing list archives

Re: AIX 4.2 dtterm exploit


From: troy () AUSTIN IBM COM (Bollinger)
Date: Tue, 20 May 1997 17:23:46 -0500


Georgi Guninski wrote:

There is a buffer overflow in /usr/dt/bin/dtterm and/or in libXt which
spawns a root shell.


This looks a lot like CERT CA-97.11 "Vulnerability in libXt.a".  Do
you have the APARs for this installed?

--------------------   8<   --------------------

IBM Corporation
===============
  See the appropriate release below to determine your action.


  AIX 3.2
  -------
    Apply the following fix to your system:

       APAR - IX61784,IX67047,IX66713 (PTF - U445908,U447740)

    To determine if you have this PTF on your system, run the following
    command:

       lslpp -lB U445908 U447740


  AIX 4.1
  -------
    Apply the following fix to your system:

        APAR - IX61031 IX66736 IX66449

    To determine if you have this APAR on your system, run the following
    command:


       instfix -ik IX61031 IX66736 IX66449

    Or run the following command:

       lslpp -h X11.base.lib

    Your version of X11.base.lib should be 4.1.5.2 or later.


  AIX 4.2
  -------
    Apply the following fix to your system:

        APAR - IX66824 IX66352

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX66824 IX66352

    Or run the following command:

       lslpp -h X11.base.lib

    Your version of X11.base.lib should be 4.2.1.0 or later.


  To Order
  --------
    APARs may be ordered using Electronic Fix Distribution (via FixDist)
    or from the IBM Support Center.  For more information on FixDist,
    reference URL:

       http://service.software.ibm.com/aixsupport/


    or send e-mail to aixserv () austin ibm com with a subject of "FixDist".


  IBM and AIX are registered trademarks of International Business Machines
  Corporation.


--
+--------------  I do not speak for IBM!  -----------------+
|Troy Bollinger             |                    92CBR600F2|
|AIX Security Development   |           troy () austin ibm com|
+----------------------------------------------------------+

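The checks in the advisory quoted above, wrapped as shell functions. This is an added example, not part of the original message or of IBM's tooling: the function names are hypothetical, the APAR numbers and minimum levels are copied from the advisory, and the `instfix -ik` success line it matches is an assumption about that command's output.

```shell
#!/bin/sh
# Added example (not from the original post). Release-to-fix data is copied
# from the advisory text; all function names here are hypothetical.

# Print the APARs the advisory lists for an AIX release ("4.1" or "4.2").
apars_for_release() {
    case "$1" in
        4.1) echo "IX61031 IX66736 IX66449" ;;
        4.2) echo "IX66824 IX66352" ;;
        *)   return 1 ;;   # AIX 3.2 is checked by PTF with lslpp -lB instead
    esac
}

# Print the minimum X11.base.lib level the advisory gives for a release.
min_level_for_release() {
    case "$1" in
        4.1) echo "4.1.5.2" ;;
        4.2) echo "4.2.1.0" ;;
        *)   return 1 ;;
    esac
}

# Succeed if dotted level $1 >= $2, comparing field by field as numbers
# (a plain string compare would rank 4.1.5.10 below 4.1.5.2).
level_at_least() {
    case "$1$2" in ''|*[!0-9.]*) return 2 ;; esac   # reject non-numeric input
    have=$1 want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*} w=${want%%.*}
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
        case "$have" in *.*) have=${have#*.} ;; *) have= ;; esac
        case "$want" in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# Print each APAR for the release that instfix does not report as fully
# installed. Assumption: instfix -ik prints "All filesets for <APAR> were
# found." when the fix is present; any other output counts as missing.
missing_apars() {
    apars=$(apars_for_release "$1") || return 2
    for apar in $apars; do
        instfix -ik "$apar" 2>/dev/null \
            | grep -q "^ *All filesets for $apar were found" || echo "$apar"
    done
}
```

On an AIX 4.2 host, `missing_apars 4.2` printing nothing means both APARs are reported as installed; the level shown by `lslpp -h X11.base.lib` can be passed to `level_at_least` together with `min_level_for_release 4.2`.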
