[14833] in bugtraq

Re: AIX 4.1.4.0 local root LC_MESSAGES /usr/sbin/arp exploit

daemon@ATHENA.MIT.EDU (Troy Bollinger)
Mon May 8 13:31:53 2000

Mail-Followup-To: cripto <cripto@subterrain.net>, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000508080508.A25608@austin.ibm.com>
Date:         Mon, 8 May 2000 08:05:09 -0500
Reply-To: Troy Bollinger <troy@AUSTIN.IBM.COM>
From: Troy Bollinger <troy@AUSTIN.IBM.COM>
X-To:         cripto <cripto@subterrain.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000507023717.A24509@subterrain.net>; from
              cripto@SUBTERRAIN.NET on Sun, May 07, 2000 at 02:37:17AM -0700

Quoting cripto (cripto@SUBTERRAIN.NET):
> Hello,
>   One of you will have to test this on AIX 4.3, as 4.1.4.0 is the most
> recent release I have access to.
>
> -cripto
> Subterrain Security Group
> http://www.subterrain.net
>
> /*
>  * AIX 4.1.4.0 local root /usr/sbin/arp exploit - SSG-arp.c - 06/06/2000
>  *
>  * This code is largely from an old AIX mount exploit by Georgi Guninski.
>  * Tested on a blazing 33Mhz RS/6000 IBM POWERserver 340!
>  *
>  * Shouts to bind, xdr, obecian, qwer7y, interrupt, linda, and ur mom.
>  *
>  * -cripto <cripto@subterrain.net>      .o0->  SSG ROX 2000 !@#$$#@!  <-0o.
> */

This was fixed in 1997 in 3.2, 4.1 and 4.2.  The fix is also in the
initial release of 4.3.  Here's the APAR information:

AIX 3.2.5
=========

    Apply the following fix to your system:

    PTFs - U447656 U447671 U447676 U447682 U447705 U447723  (APAR IX67405)

    To determine if you have these PTFs on your system, run the following
    command:

       lslpp -lB U447656 U447671 U447676 U447682 U447705 U447723

AIX 4.1
=======

    Apply the following fix to your system:

        APAR - IX67407

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX67407

    Or run the following command:

       lslpp -h bos.rte.libc

    Your version of bos.rte.libc should be 4.1.5.7 or later.

AIX 4.2
=======

    Apply the following fix to your system:

        APAR - IX67377

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX67377

    Or run the following command:

       lslpp -h bos.rte.libc

    Your version of bos.rte.libc should be 4.2.0.11 or later.

--
Troy Bollinger <troy@austin.ibm.com>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy
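
An added example, not part of the original message or any IBM tooling: a small audit over collected `bos.rte.libc` levels using the minimum levels stated above for AIX 4.1 and 4.2. The comparison is numeric per field, since a plain string compare would rank 4.2.0.9 above 4.2.0.11. The host names, the inventory format and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag hosts whose bos.rte.libc level is below the fixed
# level given in the message (4.1.5.7 for AIX 4.1, 4.2.0.11 for AIX 4.2).

# level_ge A B: succeed if dotted level A >= B, comparing fields numerically.
level_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# libc_status LEVEL: print fixed, unpatched or unknown for one level.
libc_status() {
    case $1 in
        4.1.*) min=4.1.5.7 ;;
        4.2.*) min=4.2.0.11 ;;
        4.3.*) echo fixed; return 0 ;;  # fix is in the initial 4.3 release
        *)     echo unknown; return 0 ;; # e.g. 3.2.5: check the PTFs instead
    esac
    if level_ge "$1" "$min"; then echo fixed; else echo unpatched; fi
}

# audit: read "host level" lines on stdin, print the hosts needing attention.
audit() {
    while read -r host level; do
        [ -n "$host" ] || continue
        st=$(libc_status "$level")
        [ "$st" = fixed ] || printf '%s %s %s\n' "$host" "$level" "$st"
    done
}

# Constructed sample inventory (hypothetical hosts and levels).
sample_inventory() {
cat <<'EOF'
rs6k-a 4.1.4.0
rs6k-b 4.1.5.7
rs6k-c 4.2.0.9
rs6k-d 4.2.0.11
rs6k-e 4.3.0.0
rs6k-f 3.2.5.0
EOF
}

sample_inventory | audit
```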
