[23495] in bugtraq


Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login

daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Dec 13 19:15:12 2001

To: BUGTRAQ@securityfocus.com
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 13 Dec 2001 12:04:03 +0100
In-Reply-To: <CA-2001-34.1@cert.org> (CERT Advisory's message of "Wed, 12 Dec 2001 18:10:55 -0500 (EST)")
Message-ID: <tgellz4c0s.fsf@mercury.rus.uni-stuttgart.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

CERT Advisory <cert-advisory@cert.org> writes:

> IBM
> 
>    IBM's  AIX  operating system, versions 4.3 and 5.1, are susceptible to
>    this  vulnerability.

Previous versions of AIX seem to be affected, too.  At least AIX 4.2
comes with a login implementation which offers the same environment
variable passing functionality found in AIX 4.3, and passing large
numbers of arguments results in strange behavior.  The tested login
implementation seems to be contained in:

  Fileset                      Level  State  Description 
  ---------------------------------------------------------------------------- 
  bos.rte.security           4.2.1.0    C    Base Security Function 
                             4.2.1.1    C    Base Security Function 

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
