Bugtraq mailing list archives
AIX Fix Info: NLS environment variables
From: troy () AUSTIN IBM COM (Bollinger)
Date: Thu, 3 Apr 1997 17:29:44 -0600
-----BEGIN PGP SIGNED MESSAGE----- Thu Apr 3 23:28:12 GMT 1997 =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: Buffer overflows in NLS environment variables PLATFORMS: IBM AIX(r) 3.2.x, 4.1.x, 4.2.x SOLUTION: Apply the fixes described below. THREAT: If exploited, this condition may permit unauthorized super-user access to the system =============================================================================== I. Description There are buffer overflows in the way that AIX handles certain NLS environment variables. II. Impact Unprivileged users may gain root access. An exploit has been published detailing this vulnerability. III. Fixes AIX 3.2.5 ========= Apply the following fix to your system: PTFs - U447656 U447671 U447676 U447682 U447705 U447723 (APAR IX67405) To determine if you have these PTFs on your system, run the following command: lslpp -lB U447656 U447671 U447676 U447682 U447705 U447723 AIX 4.1 ======= Apply the following fix to your system: APAR - IX67407 To determine if you have this APAR on your system, run the following command: instfix -ik IX67407 Or run the following command: lslpp -h bos.rte.libc Your version of bos.rte.libc should be 4.1.5.7 or later. AIX 4.2 ======= Apply the following fix to your system: APAR - IX67377 To determine if you have this APAR on your system, run the following command: instfix -ik IX67377 Or run the following command: lslpp -h bos.rte.libc Your version of bos.rte.libc should be 4.2.0.11 or later. Temporary Fixes =============== A temporary patch is available via anonymous ftp from: ftp://testcase.software.ibm.com/aix/fromibm/README.NLS_security_fix ftp://testcase.software.ibm.com/aix/fromibm/NLS_security_fix.42.tar ftp://testcase.software.ibm.com/aix/fromibm/NLS_security_fix.41.tar ftp://testcase.software.ibm.com/aix/fromibm/NLS_security_fix.32.tar MD5 checksums: MD5 (NLS_security_fix.32.tar) = 8382b9907e1c52ba01bb0d54a6398e09 MD5 (NLS_security_fix.41.tar) = 2935f43ebd86e8c64bfae3a533f152f7 MD5 (NLS_security_fix.42.tar) = e3c26df51d27701d5784225da945de8e IV. Acknowledgements Thanks to the FreeBSD team for bringing this problem to our attention and to Georgi Guninski for (almost ;-) waiting until the fix was released. - -- +---------------- I do not speak for IBM! ------------------+ |Troy Bollinger | email: troy () austin ibm com| |AIX Security Development | Sometimes the old ways are best.| +-------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQCVAwUBM0Q9ZwsPbaL1YgqvAQHNTgQAh+bvElgbZgbVvCJv5PnKb4dyTlXw2Aam aGGJfkpsojstXNYlFEXVxlTIv5BgCt9dFBmTuFmZCLkoF0PIVpDYqfxmJjCwQ/4A 6g2N9uHePylnDx7xu2TyP3wQpAywqpCzMG7Yq+wxqgWw7aGXNgELV0WApk1jxXqA U5XLM3kQ4qc= =3BN1 -----END PGP SIGNATURE-----
Current thread:
- AIX Fix Info: NLS environment variables Bollinger (Apr 03)