Bugtraq mailing list archives
Users can modify routing in AIX 4.1
From: djr () saa-cons co uk (Dave Roberts)
Date: Mon, 2 Dec 1996 09:55:06 +0000
The foundations of this originally came from Marcio d'Avila Scheibler <marcio () CPD UFSM BR> on the AIX-L mailing list. In AIX 4.1, the permissions on /usr/sbin/route are 4555. This means that anyone with local access on the machine can modify the routing tables, to do whatever they want. Obviously fixing it simply requires the removal of execute permission for other, and possibly group if you want it. Version 3.2.5 have the permissions at 4554, which is more acceptable. Hopefully IBM will change the permissions back when the release the next version. -- Dave Roberts For PGP Key - send mail with subject of 'get pgp':- Senior Unix Admin < 51 4B 6A 35 3F C4 B6 3D 13 88 0C B2 48 61 51 1C > SAA Consultants Ltd Std disclaimer applies, it's nothing to do with them Plymouth, UK. Tel: +44 1752 606000 Fax: +44 1752 606838
Current thread:
- Vulnrability in test-cgi... Apropos of Nothing (Nov 30)
- denial of service attack on login NuNO (Dec 01)
- Re: Vulnrability in test-cgi... Roger Espel Llima (Dec 01)
- Little feature/bug in RedHat Linux Antti Andreimann (Dec 01)
- Users can modify routing in AIX 4.1 Dave Roberts (Dec 02)
- Re: Users can modify routing in AIX 4.1 Troy Bollinger (Dec 02)
- <Possible follow-ups>
- Re: Vulnrability in test-cgi... Jesus Altuve (Dec 02)
- Re: Vulnrability in test-cgi... Joe Zbiciak (Dec 02)
- /bin/ksh sparc code Kichang Yang (Dec 03)
- AltaVista Firewall for UNIX Sarah Keating (Dec 03)