Bugtraq mailing list archives
Re: (forw) rsh bufferoverflow on AIX 4.2
From: Troy Bollinger <troy () austin ibm com>
Date: Tue, 12 Jun 2001 12:02:50 -0500
Quoting ymc () iss com tw:
From: "ox" <ymc () iss com tw>
To: <bugtraq () securityfocus com>
Subject: rsh bufferoverflow on AIX 4.2
Date: Tue, 12 Jun 2001 11:40:20 +0800
Message-ID: <NFBBLJDKGKGPELLLMCNEOELICAAA.ymc () iss com tw>
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

Hello bugtraq,

I am sorry if the problem had been found before. It is a buffer overflow that I found in both /usr/bin/rsh and /usr/lpp/ssp/rcmd/bin/rsh.

Hi,

Based on the gdb session you gave, it appears that this is the same vulnerability as reported to bugtraq back in 1996. It can be fixed by applying one of the following APARs:

Abstract: buffer overflow in gethostbyname()
3.2 APAR: IX60927
4.1 APAR: IX61019
4.2 APAR: IX62144

If you have further questions regarding this vulnerability or other AIX security issues, you can reach the AIX security team at:

mailto:security-alert () austin ibm com

--
Troy Bollinger <troy () austin ibm com>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy