Bugtraq mailing list archives

Re: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX


From: Keith Stevenson <keith.stevenson () louisville edu>
Date: Tue, 18 Feb 2003 06:23:22 -0500

On Mon, Feb 17, 2003 at 07:00:23AM -0000, choi sungwoon wrote:

> 1. /usr/bin/enq
> /*
> http://online.securityfocus.com/bid/2034

This one is quite old.  As referenced in the above URL, enq is fixed by APAR
IY08143.  The vulnerability was resolved in filesets:

bos.rte.printers:4.3.3.1
printers.rte:4.3.3.11


> 2. /usr/bin/X11/aixterm
> /*
> [dragory@aix dragory]$ cp /usr/bin/X11/aixterm ./test
> [dragory@aix dragory]$ ./test -display x.x.x.x:0 -im `perl -e 'print "x"x400'`
> Segmentation fault (core dumped)

You appear to be overflowing the input method identifier here.  I don't see
anything explicitly mentioning this vulnerability in IBM's patch database.  I
would be very interested in seeing the output of 'oslevel -r' and
'lslpp -al X11.apps.aixterm' on your test system.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
keith.stevenson () louisville edu
GPG key fingerprint =  332D 97F0 6321 F00F 8EE7  2D44 00D8 F384 75BB 89AE
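
Added example, not part of the original message: a POSIX shell check that compares installed fileset levels against the fixed levels quoted above for APAR IY08143. The function names and the `fileset level` input format are assumptions, the sample inventory is constructed, and producing those pairs from a host's `lslpp` output is not shown.

```shell
#!/bin/sh
# Fixed levels as quoted in the message (APAR IY08143).
FIXED_LEVELS='bos.rte.printers 4.3.3.1
printers.rte 4.3.3.11'

# ver_lt A B: succeed when dotted level A is lower than B.
# Fields are compared numerically, so 4.3.3.2 < 4.3.3.11
# (a plain string comparison gets that case wrong).
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # levels are equal
}

# check_filesets: read "fileset level" pairs (assumed format) on stdin and
# report every fileset that has a fixed level listed in FIXED_LEVELS.
# Filesets with no listed fix are skipped. Returns 1 if any is below the fix.
check_filesets() {
    rc=0
    while read -r name level; do
        fixed=$(printf '%s\n' "$FIXED_LEVELS" |
                awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue
        if ver_lt "$level" "$fixed"; then
            echo "$name $level BELOW_FIX $fixed"
            rc=1
        else
            echo "$name $level OK"
        fi
    done
    return $rc
}

# Constructed sample inventory (not taken from a real host). The aixterm
# line is skipped because the message lists no fixed level for it.
SAMPLE='bos.rte.printers 4.3.3.0
printers.rte 4.3.3.11
X11.apps.aixterm 4.3.3.0'
printf '%s\n' "$SAMPLE" | check_filesets ||
    echo "at least one fileset predates the fix"
```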

