===========================================================================
CERT Advisory CA-94:03
Original issue date: February 24, 1994
Last revised: --

Topic: IBM AIX Performance Tools Vulnerabilities
---------------------------------------------------------------------------

The CERT Coordination Center has received information concerning
vulnerabilities in the "bosext1.extcmds.obj" Licensed Program Product
(performance tools). These problems exist on IBM AIX 3.2.4 systems that
have Program Temporary Fixes (PTFs) U420020 or U422510 installed and
on all AIX 3.2.5 systems.

CERT recommends that affected sites apply the workaround provided in
section III below.

I. Description

     Vulnerabilities exist in the bosext1.extcmds.obj performance tools
     in AIX 3.2.5 and in those AIX 3.2.4 systems with Program Temporary
     Fixes (PTFs) U420020 or U422510 installed. These problems do not
     exist in earlier versions of AIX.

II. Impact

     Local users can gain unauthorized root access to the system.

III. Workaround

     A. The recommended workaround is to change the permissions of
        all the programs in the /usr/lpp/bosperf directory structure
        so that the setuid bit is removed and the programs can be
        executed only by 'root'. This can be accomplished as follows:

             % su root
             # chmod -R u-s,og= /usr/lpp/bosperf/*

        The programs affected by this workaround include:
             filemon, fileplace, genkex, genkld, genld, lvedit,
             netpmon, rmap, rmss, stripnm, svmon, tprof

        As a result of this workaround, these programs will no longer
        be executable by users other than 'root'.
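
One way to confirm that the workaround in section III.A took effect, as an
added example that is not part of the CERT advisory or of IBM's fix. The
function name audit_bosperf and the demo tree are assumptions made here.

```sh
#!/bin/sh
# Added example: verify the CA-94:03 workaround took effect.
# audit_bosperf [DIR] prints every regular file under DIR that still has
# the setuid bit or any group/other permission bit set.
# Returns 0 if the tree is clean, 1 if offenders remain, 2 on a bad DIR.
audit_bosperf() {
    dir=${1:-/usr/lpp/bosperf}
    if [ ! -d "$dir" ]; then
        echo "audit_bosperf: $dir: not a directory" >&2
        return 2
    fi
    # POSIX find has no "any of these bits" test, so each bit is listed.
    # find walks the whole tree, including dot-files that the shell glob
    # in "chmod -R ... DIR/*" does not expand to.
    offenders=$(find "$dir" -type f \( -perm -4000 \
        -o -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Demo on a constructed tree standing in for /usr/lpp/bosperf.
# tprof and svmon are names from the advisory; modes and .extra are invented.
demo=$(mktemp -d)
mkdir "$demo/bin"
: > "$demo/bin/tprof"; chmod 4755 "$demo/bin/tprof"   # setuid, world-executable
: > "$demo/bin/svmon"; chmod 0700 "$demo/bin/svmon"   # already restricted
: > "$demo/.extra";    chmod 4750 "$demo/.extra"      # not matched by DIR/*
echo "before the workaround:"
audit_bosperf "$demo" || echo "(offenders remain)"
chmod -R u-s,og= "$demo"/*
echo "after chmod -R u-s,og= on $demo/*:"
audit_bosperf "$demo" || echo "(offenders remain)"
rm -rf "$demo"
```

On an affected system, run audit_bosperf as root with no argument after the
chmod; any path it prints still needs its permissions corrected.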

     B. Patches for these problems can be ordered as Authorized
        Program Analysis Report (APAR) IX42332.

        To order an APAR from IBM call 1-800-237-5511 and ask for
        shipment as soon as it is available. APARs may be obtained
        outside the U.S. by contacting your local IBM representative.

        Any further information that we receive on APAR IX42332 will
        be available by anonymous FTP in the file
        pub/cert_advisories/CA-94:03.README on info.cert.org.

---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Jill K. Bowyer of USAF/DISA
for reporting this problem and IBM for their prompt response to this problem.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
on info.cert.org.

Copyright 1994 Carnegie Mellon University
This material may be reproduced and distributed without permission provided
it is used for noncommercial purposes and the copyright statement is
included.

CERT is a service mark of Carnegie Mellon University.