[16551] in bugtraq
Re: aix allows clearing the interface stats
daemon@ATHENA.MIT.EDU (Troy Bollinger)
Mon Sep 4 21:15:21 2000
Mail-Followup-To: alex medvedev <alexm@PYCCKUE.ORG>, BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000904110856.A23164@austin.ibm.com>
Date: Mon, 4 Sep 2000 11:08:56 -0500
Reply-To: Troy Bollinger <troy@AUSTIN.IBM.COM>
From: Troy Bollinger <troy@AUSTIN.IBM.COM>
X-To: alex medvedev <alexm@PYCCKUE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0009030003260.10330-100000@quake.pycckue.org>;
from alexm@PYCCKUE.ORG on Sun, Sep 03, 2000 at 12:28:07AM -0500
Quoting alex medvedev (alexm@PYCCKUE.ORG):
>
> aix versions 4.x.x will let a non-priveledged user clear the
> network interface statistics, thus annoying system administrators and
> interfering with the system scripts that depend on those numbers >:-]
>
> $ netstat -in --> shows stats
> $ netstat -Zi --> clears them without checking the uid
>
> ibm was informed about a month ago and the problem was taken care of.
>
The fix for this problem is still in the testing phase. When released,
customers can order the following APAR:
Abstract: non-root users can issue the netstat -Z flag
4.3.x APAR: IY12147
--
Troy Bollinger <troy@austin.ibm.com>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy
