Subject: Re: AIX 4.1.4.0 local root LC_MESSAGES /usr/sbin/arp exploit
From: Troy Bollinger (troy AUSTIN.IBM.COM)
Date: Mon May 08 2000 - 08:05:09 CDT
Quoting cripto (cripto SUBTERRAIN.NET):
> Hello,
> One of you will have to test this on AIX 4.3, as 4.1.4.0 is the most
> recent release I have access to.
>
> -cripto
> Subterrain Security Group
> http://www.subterrain.net
>
> /*
> * AIX 4.1.4.0 local root /usr/sbin/arp exploit - SSG-arp.c - 06/06/2000
> *
> * This code is largely from an old AIX mount exploit by Georgi Guninski.
> * Tested on a blazing 33Mhz RS/6000 IBM POWERserver 340!
> *
> * Shouts to bind, xdr, obecian, qwer7y, interrupt, linda, and ur mom.
> *
> * -cripto <cripto subterrain.net> .o0-> SSG ROX 2000 !#$$#! <-0o.
> */

This was fixed in 1997 in 3.2, 4.1 and 4.2. The fix is also in the
initial release of 4.3. Here's the APAR information:

AIX 3.2.5
=========
Apply the following fix to your system:

    PTFs - U447656 U447671 U447676 U447682 U447705 U447723 (APAR IX67405)

To determine if you have these PTFs on your system, run the following
command:

    lslpp -lB U447656 U447671 U447676 U447682 U447705 U447723

AIX 4.1
=======
Apply the following fix to your system:

    APAR - IX67407

To determine if you have this APAR on your system, run the following
command:

    instfix -ik IX67407

Or run the following command:

    lslpp -h bos.rte.libc

Your version of bos.rte.libc should be 4.1.5.7 or later.

AIX 4.2
=======
Apply the following fix to your system:

    APAR - IX67377

To determine if you have this APAR on your system, run the following
command:

    instfix -ik IX67377

Or run the following command:

    lslpp -h bos.rte.libc

Your version of bos.rte.libc should be 4.2.0.11 or later.

--
Troy Bollinger <troyaustin.ibm.com>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy
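
The "4.1.5.7 or later" and "4.2.0.11 or later" checks in the reply above need a numeric, field-by-field comparison (as plain strings, 4.2.0.9 sorts after 4.2.0.11). The following is an added example, not part of the original message or of any IBM tooling; the function names are hypothetical, and the level is assumed to be the four-part bos.rte.libc level read from `lslpp -h bos.rte.libc`.

```shell
#!/bin/sh
# Added example (not from the original message): decide whether a
# bos.rte.libc level meets the fixed levels quoted in the reply above.

# is_vrmf LEVEL: succeed only for four dot-separated numeric fields.
is_vrmf() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _rest=$1 _n=1
    while [ "$_rest" != "${_rest#*.}" ]; do
        _rest=${_rest#*.}
        _n=$((_n + 1))
    done
    [ "$_n" -eq 4 ]
}

# vrmf_ge A B: succeed when level A >= level B, field by field, numerically.
vrmf_ge() {
    _a=$1 _b=$2 _i=0
    while [ "$_i" -lt 4 ]; do
        _fa=${_a%%.*} _fb=${_b%%.*}
        [ "$_fa" -gt "$_fb" ] && return 0
        [ "$_fa" -lt "$_fb" ] && return 1
        _a=${_a#*.} _b=${_b#*.}
        _i=$((_i + 1))
    done
    return 0
}

# libc_status LEVEL: print fixed, needs-apar, not-covered or invalid.
libc_status() {
    is_vrmf "$1" || { echo invalid; return 2; }
    case $1 in
        4.1.*) _min=4.1.5.7  ;;   # APAR IX67407
        4.2.*) _min=4.2.0.11 ;;   # APAR IX67377
        *) echo not-covered; return 2 ;;
    esac
    if vrmf_ge "$1" "$_min"; then echo fixed; else echo needs-apar; fi
}

# Constructed sample levels, not output captured from a real system.
for _lvl in 4.1.4.0 4.1.5.7 4.2.0.9 4.2.0.11; do
    printf '%s %s\n' "$_lvl" "$(libc_status "$_lvl")"
done
```

Levels outside 4.1 and 4.2 are reported as not-covered; for AIX 3.2.5 the reply gives only the PTF check.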