Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: AIX lquerypv

AIX lquerypv

Aleph One (aleph1dfw.net)
Mon, 25 Nov 1996 09:50:18 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David J. Meltzer: "Security Problems in XMCD"
Previous message: Troy Bollinger: "lquerypv fix"

   Thanks to all that responded. To many to list! Here are the results:

AIX 3.2.X is reported as NOT vulnerable. The command does not have an -h
flag. But who knows it may have other problems. Poke it and see what you
can find.

AIX 4.1.X and 4.2 with all security PTF ARE vulnerable. The problem will
dump the first 256 bytes of any file you give it as an argument. It seems
IBM is aware of the problem. Quick fix: chmod u-s /usr/sbin/lquerypv

Aleph One / aleph1dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

Next message: David J. Meltzer: "Security Problems in XMCD"
Previous message: Troy Bollinger: "lquerypv fix"