[12370] in bugtraq
Re: IBM AIX Packet Filter module (followup)
daemon@ATHENA.MIT.EDU (Brumbles)
Thu Oct 28 14:45:01 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSI.3.95.991027175919.9048K-100000@secure.i1.net>
Date: Wed, 27 Oct 1999 18:23:34 -0500
Reply-To: Brumbles <brummie@SECURE.I1.NET>
From: Brumbles <brummie@SECURE.I1.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991026134739.A29974@austin.ibm.com>
Thank you to all respondants re the above, especially Troy from IBM who
has raised a defect, responded very quickly and has offered a temporary
patch, definatly an excellent responce. The problem seems to be
with the declaration of the port being short rather than unsigned short.
Negative values for -P do not work as a few people suggested.
Security bugs with AIX should be addressed to
security-alert@austin.ibm.com
This, in the experience of myself and others who replied is much faster
method of getting security related problems fixed.
Thanks again,
Brum
On Tue, 26 Oct 1999, Troy A. Bollinger wrote:
> Quoting Brumbles (brummie@SECURE.I1.NET):
> >
> > I have tried unsuccessfully to get any response from IBM on the following,
> > apparently unless you have a support contract you cant report bugs..
> > (well.. you can.. "Program Services", but thats a link to /dev/null
> > apparently.)
>
> You can always send new AIX vulnerabilities to the
> security-alert@austin.ibm.com mail address.
>
> > AixLevel AIX4.3.2
> > Packet Filtering Module, in particular the command genfilt does not allow
> > the addition of filters with port numbers greater than 32767
> >
>
> I've opened defect 289790 to address this. It appears to be caused by
> using a "short" instead of an "unsigned short" for the port number.
>
> --
> Troy Bollinger troy@austin.ibm.com
> AIX Security Development security-alert@austin.ibm.com
> PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
>
