Alert: AIX Security (Batch Queue) (fwd)
Adam Shostack (adam@bwh.harvard.edu)
Thu, 2 Jun 94 12:23:00 EDT
- Next message: THOMAS P. WALPOLE: "Aix bug"
- Previous message: Steven Fought: "Re: Breaking in from the monitor at the console"
(I have no further information on this)
Subject: Alert: AIX Security (Batch Queue)
{URGENT - AIX BATCH QUEUE SECURITY EXPOSURE}
June 2, 1994
IBM has become aware of a potential AIX security exposure
with the batch queue that makes it possible for users on
AIX Version 3 systems to gain unauthorized root access.
Exploitation of this exposure would require the user to
have extensive knowledge of the batch queue system and
to perform a complex series of specific steps, making
inadvertent access unlikely. However, it is recommended
that you alert your customers to the potential so they
can take the appropriate actions to secure their systems.
Descriptions of the problem and the recommended actions
are being communicated by AIX Support via CERT advisory
(an information service of Carnegie Mellon University's
Software Engineering Institute) and internal IBM M&S SPOC
(Single Point Of Contact) notifications.
While all AIX releases undergo rigorous testing, security
exposures are recognized by the industry as very difficult
to identify. IBM hopes its efforts to respond rapidly to
this problem will allow customers to eliminate this security
exposure with minimal disruption.
{IMMEDIATE WORKAROUND:}
As described below, a workaround is immediately available
which eliminates the security exposure by disabling the
batch queue using the following procedure:
- As root from the command line enter:
  chque -qbsh -a"up = FALSE"
- From SMIT enter:
  - Spooler
  - Manage Local Printer Subsystem
  - Change/Show Characteristics of a Queue
    select bsh
  - Activate the Queue
    select "no"
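A shell check, added here and not part of the IBM alert or the original post, that reads an /etc/qconfig-style stanza file from standard input and reports whether a named queue carries the `up = FALSE` setting that the workaround above applies. The qconfig text is constructed sample data, and the stanza layout (a `name:` line followed by indented `key = value` lines) is assumed from the AIX qconfig format; the function name `queue_is_down` is this example's own.

```shell
#!/bin/sh
# Added example, not from the IBM alert. Reports whether a queue stanza in an
# /etc/qconfig-style file has "up = FALSE", i.e. whether the "disable the
# batch queue" workaround has been applied to that queue.

# CONSTRUCTED sample qconfig text (not from any real system). Layout assumed
# from the AIX qconfig format: "name:" header, then indented "key = value".
SAMPLE_QCONFIG='lp0:
        device = lp0dev
lp0dev:
        file = /dev/lp0
        backend = /usr/lib/lpd/piobe
bsh:
        device = bshdev
        up = FALSE
bshdev:
        backend = /usr/bin/bsh
'

# queue_is_down QUEUE  (qconfig text on stdin)
# Prints "down"    if the stanza exists and contains "up = FALSE",
#        "up"      if the stanza exists without that line,
#        "missing" if no stanza of that name is present.
queue_is_down() {
    awk -v q="$1" '
        # Stanza header: anything starting in column 1, up to the colon.
        /^[^ \t]/ { stanza = $0; sub(/:.*/, "", stanza); if (stanza == q) seen = 1; next }
        # Attribute line inside the stanza we care about.
        stanza == q { seen = 1 }
        stanza == q && $0 ~ /^[ \t]*up[ \t]*=[ \t]*FALSE[ \t]*$/ { down = 1 }
        END {
            if (!seen)      print "missing"
            else if (down)  print "down"
            else            print "up"
        }'
}

# Usage on the constructed sample (on a real host: queue_is_down bsh < /etc/qconfig)
printf '%s' "$SAMPLE_QCONFIG" | queue_is_down bsh     # prints: down
printf '%s' "$SAMPLE_QCONFIG" | queue_is_down lp0     # prints: up
printf '%s' "$SAMPLE_QCONFIG" | queue_is_down nosuch  # prints: missing
```

The check only reports the queue's configured state; it does not confirm that the emergency or official fix has been installed, so a queue reported as "up" on an unpatched system is the condition the alert asks administrators to remove.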
{EMERGENCY FIX}
Emergency Fixes for the different levels of AIX affected
by this exposure are also available immediately to rectify
the AIX problem so that the batch queue can be enabled
with no security exposure. These fixes can be obtained
via anonymous ftp from software.watson.ibm.com. The files
will be located in /pub/aix/bshfix.tar.Z in compressed tar
format.
{OFFICIAL FIX}
An APAR has been opened and an official PTF will be
made available in approximately two weeks for installed
AIX systems and will be included in future AIX shipments.
The official fix for this problem can be ordered as
Authorized Program Analysis Report (APAR) IX44381.
To order an APAR from IBM in the U.S. call 1-800-237-5511
and ask for shipment as soon as it is available. APARS may
be obtained outside the U.S. by contacting a local IBM
representative.
Frank Karner, Phone: 512-823-5950 (TL/793),
Internet: karner@austin.vnet.ibm.com