Bugtraq mailing list archives

Re: nslookup on aix 4.x


From: troy () AUSTIN IBM COM (Troy A. Bollinger)
Date: Fri, 12 Feb 1999 17:38:11 -0600


Quoting Andreas Mueller (andreas.mueller () STUDENT UNI-TUEBINGEN DE):

if nslookup is installed with the s-bit all users can
create and overwrite files owned by root. this works
in the interactive mode, when dumping dns-records to a
file (with ls -d DOMAINNAME > FILE for example).


This was fixed over a year ago and documented in the IBM-ERS advisory
ERS-SVA-E01-1997:008.1 available from http://www.ers.ibm.com.

p.s.: if this has already been reported to this list - sorry for
      my laziness to search an archive of bugtraq.
--

That's ok.  It lets me plug our security newsletter.  ;-)

We've fixed lots of bugs in the last year (see the recent post by Ciaran
Deignan <Ciaran.Deignan () BULL NET> titled "Security_APARs").  I encourage
AIX customers to subscribe to the AIX security newsletter by sending a
note to aixserv () austin ibm com with a subject of:

  subscribe Security Security_APARs

And remember, you can always send new AIX vulnerabilities to
security-alert () austin ibm com.  I promise to work just as hard on bugs
reported there as I do on bugs reported here (even if they're reported
the day before Valentine's Day.  ;-)

Thanks.
--
Troy Bollinger                            troy () austin ibm com
AIX Security Development        security-alert () austin ibm com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy


