Bugtraq mailing list archives
lquerypv fix
From: troy () austin ibm com (Troy Bollinger)
Date: Mon, 25 Nov 1996 09:51:08 -0600
Hi, IBM is working on a permanent fix to this problem. In the meantime, system administrators can close this security window with the e-fix of: chmod -s /usr/sbin/lquerypv This should not affect the basic behavior of the LVM high level commands that call lquerypv. Yes, the lquery* commands have the setuid issue but only the "-h" option, which was placed there to help with problem diagnostics, would constitute a security problem. The apars which will fix this problem are: 4.1 - ix64203 4.2 - ix64204 We apologize for the inconvenience and ask you to use the e-fix method until the apars are available for ordering. Aleph One wrote:
There may exists a vulnerability in the lquerypv command under AIX. I'am not sure what version yet. Please try to fallowing command: /usr/sbin/lquerypv -h /etc/security/passwd You can substitute /etc/security/passwd for any other unreadable file. If the program is able to dump the file (maybe in hex) you got a problem. Please email me what version of AIX you are running, patch level, and if you are vulnerable. I will summarize the resuls and post them to the list. Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
-- +---------------- I do not speak for IBM! ------------------+ |Troy Bollinger | email: troy () austin ibm com| |AIX Security Development | Sometimes the old ways are best.| +-------- AIX security bugs: security () austin ibm com --------+
Current thread:
- Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit, (continued)
- Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Casper Dik (Nov 19)
- Futile rexecd holes jaeger (Nov 18)
- Re: Futile rexecd holes Roger Espel Llima (Nov 19)
- Irix: new LicenseManager is safe? No way Yuri Volobuev (Nov 22)
- Re: Futile rexecd holes Jon Peatfield (Nov 22)
- Administratrivia Aleph One (Nov 22)
- Administratrivia Scriptors of DOOM (Nov 23)
- A Stupid script. Efrain Torres (Nov 22)
- A Stupid script. Aleph One (Nov 24)
- AIX lquerypv Aleph One (Nov 25)
- lquerypv fix Troy Bollinger (Nov 25)
- Security Problems in XMCD David J. Meltzer (Nov 25)
- FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr FreeBSD Security Officer (Nov 25)
- Digital FW2.0 question Peter Dieth (Nov 26)
- Re: Digital FW2.0 question Alan Cox (Nov 27)
- Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr Warner Losh (Nov 26)
- XMCD v2.1 released (was: Security Problems in XMCD) Xmcd Admin (Nov 25)
- Security Problems in XMCD 2.1 David J. Meltzer (Nov 26)
- Re: Security Problems in XMCD 2.1 Theo Van Dinter (Nov 26)
- Re: Security Problems in XMCD 2.1 Jim Dennis (Nov 26)
- Re: Security Problems in XMCD 2.1 Alan Cox (Nov 27)