Bugtraq mailing list archives

Re: aix 4.2 4.3.1, adb

From: troy () AUSTIN IBM COM (Troy A. Bollinger)
Date: Tue, 13 Jul 1999 21:37:01 -0500


Quoting GZ Apple (gzapple () 21cn com):


Local users can halt the operating system by 'adb' command under my AIX
box.


This affects AIX 4.2.x and 4.3.x (including 4.3.2).  We're still working
on the official fix, but here's an excerpt from the soon-to-be-released
advisory.

Any questions regarding this vulnerability or other AIX security holes
can be sent to security-alert () austin ibm com.

--------------------   8<   --------------------

    A temporary fix is available via anonymous ftp from:

       ftp://aix.software.ibm.com/aix/efixes/security/adb_hang.tar.Z

    Filename                 sum              md5
    ======================================================================
    unix_mp.42.adb_hang_fix  00772  2693  960214a1945f2c70311283adc0b231a3
    unix_mp.43.adb_hang_fix  15044  3302  584d1c5ea0223110e2d8eba84388f526


    This temporary fix has not been fully regression tested.  The fix
    consists of a multiprocessor kernel which can be used on either a
    uniprocessor or multiprocessor machine.  There may be a slight
    performance penalty when using a multiprocessor kernel on a
    uniprocessor machine.

    Use the following steps (as root) to install the temporary fix:

    1.  Determine the version of the kernel fileset on your machine.

        # lslpp -l <fileset>

        If the version of the kernel fileset for your machine is not at
        the level described below, install the requisite APAR listed.
        This will help ensure that the temporary kernel fix will run
        properly.

        Release        Fileset            Version        requisite APAR
        ===============================================================
        AIX 4.2.x      bos.mp or bos.up   4.2.1.23       IY00689
        AIX 4.3.x      bos.mp or bos.up   4.3.2.8        IY00727

    2. Uncompress and extract the fix.

        # uncompress < adb_hang.tar.Z | tar xf -
        # cd adb_hang

    3. Review and run the adb_hang.sh script to install the new kernel.

          # view ./adb_hang.sh
          # ./adb_hang.sh

    4. Reboot.


--
Troy Bollinger                            troy () austin ibm com
AIX Security Development        security-alert () austin ibm com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy

Current thread:

aix 4.2 4.3.1, adb GZ Apple (Jul 12)
- Re: aix 4.2 4.3.1, adb Mike Austin (Jul 13)
- Root Perms Gained with Patrol SNMP Agent 3.2 (all others?) Andrew Alness (Jul 13)
- Announcing First Annual ToorCon Ben (Jul 13)
- ircd exploit in ircu based code Kevin Day (Jul 13)
  - Re: ircd exploit in ircu based code Kev (Jul 15)
- About IGMP and another exploit for Windows95x/98x Hector Leon (Jul 13)
  - credit (was Re: About IGMP and another exploit for Windows95x/98x) Max Vision (Jul 14)
- Re: aix 4.2 4.3.1, adb Troy A. Bollinger (Jul 13)
- DoS attack on AT&T Wireless text-messaging service Peter Gamache (Jul 14)
- BO2K Aleph One (Jul 15)
- <Possible follow-ups>
- Re: aix 4.2 4.3.1, adb Peter.Fredriksson () Skriptor com (Jul 13)
- Re: aix 4.2 4.3.1, adb Troy A. Bollinger (Jul 15)