[4578] in bugtraq
Re: AIX 4.2 lquerylv
daemon@ATHENA.MIT.EDU (Bollinger)
Mon May 26 19:19:28 1997
Date: Mon, 26 May 1997 16:26:31 -0500
Reply-To: Bollinger <troy@AUSTIN.IBM.COM>
From: Bollinger <troy@AUSTIN.IBM.COM>
X-To: guninski@hotmail.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199705260637.JAA16791@mail.techno-link.com> from "Georgi
Guninski" at May 26, 97 09:36:36 am
-----BEGIN PGP SIGNED MESSAGE-----
Georgi Guninski wrote:
>
> There is a buffer overflow in /usr/sbin/lquerylv which spawns a root shell
> under AIX 4.2, probably 4.x,3.x.
> SOLUTION: #chmod -s /usr/sbin/lquerylv
> Tested on AIX 4.2 RS/6000 box.
>
This (and several other LVM related buffer overflows) are fixed in
the following APARs:
AIX 3.2
=======
APAR IX66230 (PTF U447739)
AIX 4.1
=======
APAR IX66231
Fileset bos.rte.lvm should be 4.1.5.7 or later.
AIX 4.2
=======
APAR IX66232
Fileset bos.rte.lvm should be 4.2.0.12 or later.
A cumulative security APAR is also available from FixDist...
AIX 3.2
=======
APAR IX67999
AIX 4.1
=======
APAR IX67997
AIX 4.2
=======
APAR IX67998
- --
+-------------- I do not speak for IBM! -----------------+
|Troy Bollinger | 92CBR600F2|
|AIX Security Development | troy@austin.ibm.com|
+----------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
iQCVAwUBM4oABwsPbaL1YgqvAQFw6wP/dwjyLm/7B9VHQ2NNFx0sEqgL/qKuQ0JB
97Hm+75KjjNg315SP5ZkB1dDKaWxH9rPKF4luSe8euLZS6EmXhwC+jmG0SI88FGQ
4Dn6hASOWy/Qtj0dmQIsl72tdQzWNKE4XE6ebtRAeFI12ddqhrwbR+XqtM1YsLo/
v6NXLQts/MY=
=vTTe
-----END PGP SIGNATURE-----
