Bugtraq mailing list archives
Re: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
From: Shiva Persaud <shivapd () us ibm com>
Date: Mon, 17 Feb 2003 18:52:50 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
<1>
The aixterm issue is addressed in an efix which can be downloaded from:
ftp://ftp.software.ibm.com/aix/efixes/security/libIM_efix.tar.Z.
<2>
The enq issue was fixed in Feb 2000. The following filesets contain the most
current version of enq:
For AIX 4.3.3:
bos.rte.printers.4.3.3.78
For AIX 5.1.0:
bos.rte.printers.5.1.0.25
For AIX 5.2.0:
bos.rte.printers.5.2.0.0
To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to security-alert () austin ibm com
with a subject of "get key".
Shiva Persaud
AIX Security Developer
shivapd () us ibm com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (AIX)
iD8DBQE+UYPXcnMXzUg7txIRAkRNAJsFOHbxbkAc/pqqZFCCr3YK9vy5DACeMmN6
ALLNjBcnTx+VfZIiuPCDzdQ=
=ufwJ
-----END PGP SIGNATURE-----
Shiva Persaud
AIX Security Developer
Phone: 512-838-1192
shivapd () us ibm com
choi sungwoon
<monocat2@hanmail To: bugtraq () securityfocus com
.net> cc:
Subject: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
02/17/2003 01:00
AM
Please respond to
Shiva Persaud
/*
Title: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
Vulnerability found by Esa Etelavoun, iDEFFENSE
Author: green(green () wowhacker org), dragory(dragory () wowhacker org)
Tested on AIX 4.3.3/RS6000
Reference: lsd-pl.net's exploit
Thanks to wowcode & overhead team at Wowhacker(http://www.wowhacker.org)
*/
I tested BOF in AIX lately.
These are exploits of /usr/bin/enq and /usr/bin/X11/aixterm in AIX.
(My system language is Korean...)
Current thread:
- /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX choi sungwoon (Feb 17)
- Re: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX Keith Stevenson (Feb 19)
- <Possible follow-ups>
- Re: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX Shiva Persaud (Feb 18)