204 lines
8.2 KiB
Plaintext
204 lines
8.2 KiB
Plaintext
|
|
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
|
/* *\
|
|
/ * * \
|
|
/ * * \
|
|
/ * * \
|
|
/ * System Vulnerabilities * \
|
|
| * * |
|
|
| * * |
|
|
| * * |
|
|
| * Another Modernz Presentation * |
|
|
| * * |
|
|
\ * by * /
|
|
\ * Multiphage * /
|
|
\ * * /
|
|
\ * (C)opyright July 5th, 1992 * /
|
|
\ * */
|
|
*********************************************************
|
|
|
|
|
|
|
|
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
|
*******************************************************************************
|
|
The Modernz can be contacted at:
|
|
|
|
MATRIX BBS
|
|
WOK-NOW!
|
|
World of Kaos NOW!
|
|
World of Knowledge NOW!
|
|
St. Dismis Institute
|
|
- Sysops: Wintermute
|
|
Digital-demon
|
|
(908) 905-6691
|
|
(908) WOK-NOW!
|
|
(908) 458-xxxx
|
|
1200/2400/4800/9600
|
|
14400/19200/38400
|
|
Home of Modernz Text Philez
|
|
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
|
|
|
TANSTAAFL
|
|
Pheonix Modernz
|
|
The Church of Rodney
|
|
- Sysop: Tal Meta
|
|
(908) 830-TANJ
|
|
(908) 830-8265
|
|
Home of TANJ Text Philez
|
|
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
|
|
|
CyberChat
|
|
Sysop: Hegz
|
|
(908)506-6651
|
|
(908)506-7637
|
|
300/1200/2400/4800/9600
|
|
14400/19200/38400
|
|
Modernz Site
|
|
TLS HQ
|
|
|
|
<><><><><><><><><><><><><><<><<><><><><><><><><><><><><><><><><><><><><><><><><
|
|
|
|
The Global Intelligence Center
|
|
World UASI Headquarters!
|
|
Pennsylvania SANsite!
|
|
(412) 475-4969 300/1200/2400/9600
|
|
24 Hours! SysOp: The Road Warrior
|
|
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
|
|
|
|
The Lost Realm
|
|
Western PA UASI site!
|
|
Western PA. SANfranchise
|
|
(412) 588-5056 300/1200/2400
|
|
SysOp: Orion Buster
|
|
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
|
|
|
|
The Last Outpost
|
|
PowerBBS Support Board
|
|
UASI ALPHA Division
|
|
NorthWestern PA UASI site!
|
|
(412) 662-0769 300/1200/2400
|
|
24 hours! SysOp: The Almighty Kilroy
|
|
|
|
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
|
|
|
|
Hellfire BBS
|
|
SANctuary World Headquarters!
|
|
New Jersey UASI site!
|
|
(908) 495-3926 300/1200/2400
|
|
24 hours! SysOp: Red
|
|
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
|
|
|
BlitzKreig BBS
|
|
Home of TAP
|
|
(502)499-8933
|
|
|
|
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
|
|
|
|
|
|
|
|
===========================================================================
|
|
AIX uucp Vulnerability
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Information concerning a vulnerability with the UUCP software in
|
|
versions of AIX up to 2007. The vulnerability does not exist in
|
|
AIX 3.2.
|
|
|
|
IBM is aware of this problem, and a fix is available as apar number
|
|
"ix18516". This patch is available for all AIX releases from GOLD to
|
|
2006.
|
|
|
|
The fix is in the 2007 update and 3.2 release of AIX. IBM customers may
|
|
call IBM Support (800-237-5511) and ask that the fix be shipped to them.
|
|
Patches may be obtained outside the U.S. by contacting your local IBM
|
|
representative.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
I. Description
|
|
|
|
Previous versions, except AIX 3.2, of the UUCP software contained
|
|
incorrectly configured versions of various files.
|
|
|
|
|
|
II. Impact
|
|
|
|
Local users can execute unauthorized commands and gain unauthorized
|
|
root access.
|
|
|
|
|
|
III. Solution
|
|
|
|
- If allowing users access to the uucp isn't necessary, disable it.
|
|
|
|
% chmod 0100 /usr/bin/uucp
|
|
|
|
- Obtain the fix from IBM Support.
|
|
|
|
- Install the fix following the instructions in the README file.
|
|
|
|
===========================================================================
|
|
AIX /bin/passwd Vulnerability
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
Information concerning a vulnerability with the passwd command in
|
|
AIX 3.2 and the 2007 update of AIX 3.1.
|
|
|
|
IBM is aware of this problem, and a fix is available as apar number
|
|
"ix23505". Patches are available for AIX 3.2 and the 2007 update of
|
|
AIX 3.1.
|
|
|
|
This fix may be ordered from Level 2 support or by anonymous ftp from
|
|
software.watson.ibm.com (129.34.139.5) on the Internet.
|
|
|
|
1. To order from IBM call 1-800-237-5511 and ask
|
|
that the fix be shipped. Patches may be obtained
|
|
outside the U.S. by contacting your local IBM
|
|
representative.
|
|
|
|
2. If you are on the Internet, use anonymous ftp to obtain
|
|
the fix from software.watson.ibm.com.
|
|
|
|
Patch Filename Checksum
|
|
AIX 3.2 pub/aix3/pas.32.tar.Z 54431 2262
|
|
AIX 3.1 2007 pub/aix3/pas.31.tar.Z 06703 99
|
|
|
|
Patches should be retrieved using binary mode.
|
|
|
|
|
|
IBM is currently incorporating the fix into the 3.2 version and 3.1
|
|
updates of AIX. Future shipments of these products should not be
|
|
vulnerable to this problem. If you have any questions about products
|
|
you receive, please contact your IBM representative.
|
|
---------------------------------------------------------------------------
|
|
|
|
I. Description
|
|
|
|
The passwd command contains a security vulnerability.
|
|
|
|
II. Impact
|
|
|
|
Local users can gain unauthorized root access.
|
|
|
|
III. Solution
|
|
|
|
A. As root, disable /bin/passwd until you obtain and install
|
|
the patch.
|
|
|
|
# chmod 0500 /bin/passwd
|
|
|
|
B. Obtain the fix from IBM and install according to the
|
|
directions provided with the patch.
|
|
|