86 lines
3.1 KiB
Plaintext
86 lines
3.1 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
===========================================================================
|
|
CA-92:05 CERT Advisory
|
|
March 5, 1992
|
|
AIX REXD Daemon Vulnerability
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
|
|
received information concerning a vulnerability with the rexd daemon
|
|
in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.
|
|
|
|
IBM is aware of the problem and it will be fixed in future updates to
|
|
AIX 3.1 and 3.2. Sites may call IBM Support (800-237-5511) and ask for
|
|
the patch for apar ix21353. Patches may be obtained outside the U.S. by
|
|
contacting your local IBM representative.
|
|
|
|
The fix is also provided below.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
I. Description
|
|
|
|
In certain configurations, particularly if NFS is installed,
|
|
the rexd (RPC remote program execution) daemon is enabled.
|
|
|
|
Note: Installing NFS with the current versions of "mknfs" will
|
|
re-enable rexd even if it was previously disabled.
|
|
|
|
II. Impact
|
|
|
|
If a system allows rexd connections, anyone on the Internet can
|
|
gain access to the system as a user other than root.
|
|
|
|
III. Solution
|
|
|
|
CERT/CC and IBM recommend that sites take the following actions
|
|
immediately. These steps should also be taken whenever "mknfs" is run.
|
|
|
|
1. Be sure the rexd line in /etc/inetd.conf is commented out by
|
|
having a '#' at the beginning of the line:
|
|
|
|
#rexd sunrpc_tcp tcp wait root /usr/etc/rpc.rexd rexd 100017 1
|
|
|
|
2. Refresh inetd by running the following command as root:
|
|
|
|
refresh -s inetd
|
|
|
|
|
|
- ---------------------------------------------------------------------------
|
|
The CERT/CC wishes to thank Darren Reed of the Australian National
|
|
University for bringing this vulnerability to our attention and
|
|
IBM for their response to the problem.
|
|
- ---------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact CERT/CC or
|
|
your representative in FIRST (Forum of Incident Response and Security Teams).
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 (24-hour hotline)
|
|
CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
|
|
on call for emergencies during other hours.
|
|
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Past advisories, information about FIRST representatives, and other
|
|
information related to computer security are available for anonymous ftp
|
|
from cert.org (192.88.209.5).
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMw6XVP+x0t4w7BAQFOpAQA0rUbAhg2vXY64Q8RyXt72aL51klDOUdZ
|
|
HPJpQpDhbapGkE4bM9YmbP3Ex5aFrpdrOOmuVkoKYFHViSm4FW48QBadwUotPVT0
|
|
JrdhaiMTxdA6du2YwL5NqwMjCOa8wc6iqEMc1Xwa0FpDq25Unr8ZqErTwRuVN8dJ
|
|
1XNBJksxcmw=
|
|
=m+q2
|
|
-----END PGP SIGNATURE-----
|
|
|