Re: AIX 4.1.4.0 local root LC_MESSAGES /usr/sbin/arp exploit

[troy () AUSTIN IBM COM (Troy Bollinger)]

Quoting cripto (cripto () SUBTERRAIN NET):
> Hello,
>   One of you will have to test this on AIX 4.3, as 4.1.4.0 is the most
> recent release I have access to.
>
> -cripto
> Subterrain Security Group
> http://www.subterrain.net
>
> /*
>  * AIX 4.1.4.0 local root /usr/sbin/arp exploit - SSG-arp.c - 06/06/2000
>  *
>  * This code is largely from an old AIX mount exploit by Georgi Guninski.
>  * Tested on a blazing 33Mhz RS/6000 IBM POWERserver 340!
>  *
>  * Shouts to bind, xdr, obecian, qwer7y, interrupt, linda, and ur mom.
>  *
>  * -cripto <cripto () subterrain net>      .o0->  SSG ROX 2000 !@#$$#@!  <-0o.
> */

This was fixed in 1997 in 3.2, 4.1 and 4.2.  The fix is also in the
initial release of 4.3.  Here's the APAR information:

AIX 3.2.5
=========

    Apply the following fix to your system:

    PTFs - U447656 U447671 U447676 U447682 U447705 U447723  (APAR IX67405)

    To determine if you have these PTFs on your system, run the following
    command:

       lslpp -lB U447656 U447671 U447676 U447682 U447705 U447723

AIX 4.1
=======

    Apply the following fix to your system:

        APAR - IX67407

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX67407

    Or run the following command:

       lslpp -h bos.rte.libc

    Your version of bos.rte.libc should be 4.1.5.7 or later.

AIX 4.2
=======

    Apply the following fix to your system:

        APAR - IX67377

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX67377

    Or run the following command:

       lslpp -h bos.rte.libc

    Your version of bos.rte.libc should be 4.2.0.11 or later.

--
Troy Bollinger <troy () austin ibm com>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy