[11020] in bugtraq


Re: aix 4.2 4.3.1, adb

daemon@ATHENA.MIT.EDU (Troy A. Bollinger)
Wed Jul 14 15:00:08 1999

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=pf9I7BMVVzbSWLtt; micalg=pgp-md5;
              protocol="application/pgp-signature"
Message-Id:  <19990713213701.A21676@austin.ibm.com>
Date:         Tue, 13 Jul 1999 21:37:01 -0500
Reply-To: "Troy A. Bollinger" <troy@AUSTIN.IBM.COM>
From: "Troy A. Bollinger" <troy@AUSTIN.IBM.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <15759.990712@21cn.com>; from GZ Apple on Mon, Jul 12,
              1999 at 06:13:13PM +0800

--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii

Quoting GZ Apple (gzapple@21cn.com):
>
> Local users can halt the operating system by 'adb' command under my AIX
> box.
>

This affects AIX 4.2.x and 4.3.x (including 4.3.2).  We're still working
on the official fix, but here's an excerpt from the soon-to-be-released
advisory.

Any questions regarding this vulnerability or other AIX security holes
can be sent to security-alert@austin.ibm.com.

--------------------   8<   --------------------

    A temporary fix is available via anonymous ftp from:

       ftp://aix.software.ibm.com/aix/efixes/security/adb_hang.tar.Z

    Filename                 sum              md5
    ======================================================================
    unix_mp.42.adb_hang_fix  00772  2693  960214a1945f2c70311283adc0b231a3
    unix_mp.43.adb_hang_fix  15044  3302  584d1c5ea0223110e2d8eba84388f526


    This temporary fix has not been fully regression tested.  The fix
    consists of a multiprocessor kernel which can be used on either a
    uniprocessor or multiprocessor machine.  There may be a slight
    performance penalty when using a multiprocessor kernel on a
    uniprocessor machine.

    Use the following steps (as root) to install the temporary fix:

    1.  Determine the version of the kernel fileset on your machine.

        # lslpp -l <fileset>

        If the version of the kernel fileset for your machine is not at
        the level described below, install the requisite APAR listed.
        This will help ensure that the temporary kernel fix will run
        properly.

        Release        Fileset            Version        requisite APAR
        ===============================================================
        AIX 4.2.x      bos.mp or bos.up   4.2.1.23       IY00689
        AIX 4.3.x      bos.mp or bos.up   4.3.2.8        IY00727

    2.  Uncompress and extract the fix.

        # uncompress < adb_hang.tar.Z | tar xf -
        # cd adb_hang

    3.  Review and run the adb_hang.sh script to install the new kernel.

        # view ./adb_hang.sh
        # ./adb_hang.sh

    4.  Reboot.


--
Troy Bollinger                            troy@austin.ibm.com
AIX Security Development        security-alert@austin.ibm.com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy

--pf9I7BMVVzbSWLtt--
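
An added check, not part of IBM's advisory or fix package: between steps 2 and 3, compare the extracted kernel files against the md5 column of the advisory table before running adb_hang.sh. It assumes the files sit in the extracted adb_hang directory under the names in the table and that md5sum or openssl is installed; verify_fix and md5_of are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify the extracted fix files against the advisory's md5
# column. Assumed usage (directory layout is an assumption):
#   verify_fix ./adb_hang && view ./adb_hang/adb_hang.sh

# Filename/md5 pairs copied from the advisory table.
ADVISORY_MANIFEST='unix_mp.42.adb_hang_fix 960214a1945f2c70311283adc0b231a3
unix_mp.43.adb_hang_fix 584d1c5ea0223110e2d8eba84388f526'

# Print the hex MD5 of a file using whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 "$1" | awk '{print $NF}'
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# verify_fix DIR [MANIFEST]
# Returns 0 only if every file named in the manifest exists in DIR and its
# MD5 matches; 1 on a missing file, a mismatch or an empty manifest.
verify_fix() {
    dir=$1
    manifest=${2:-$ADVISORY_MANIFEST}
    status=0
    seen=0
    while read -r name want; do
        [ -n "$name" ] || continue
        seen=$((seen + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; status=1; continue
        fi
        got=$(md5_of "$dir/$name") || return 2
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got, advisory says $want)"; status=1
        fi
    done <<EOF
$manifest
EOF
    [ "$seen" -gt 0 ] || status=1
    return $status
}
```
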
