[28927] in bugtraq
Re: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
daemon@ATHENA.MIT.EDU (Shiva Persaud)
Tue Feb 18 12:01:14 2003
Reply-To: Shiva Persaud <shivapd@us.ibm.com>
To: choi sungwoon <monocat2@hanmail.net>
Message-ID: <OF64028278.948E8705-ON87256CD1.0004B525@us.ibm.com>
From: Shiva Persaud <shivapd@us.ibm.com>
Date: Mon, 17 Feb 2003 18:52:50 -0600
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
<1>
The aixterm issue is addressed in an efix which can be downloaded from:
ftp://ftp.software.ibm.com/aix/efixes/security/libIM_efix.tar.Z.
<2>
The enq issue was fixed in Feb 2000. The following filesets contain the most
current version of enq:
For AIX 4.3.3:
bos.rte.printers.4.3.3.78
For AIX 5.1.0:
bos.rte.printers.5.1.0.25
For AIX 5.2.0:
bos.rte.printers.5.2.0.0
To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to security-alert@austin.ibm.com
with a subject of "get key".
Shiva Persaud
AIX Security Developer
shivapd@us.ibm.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (AIX)
iD8DBQE+UYPXcnMXzUg7txIRAkRNAJsFOHbxbkAc/pqqZFCCr3YK9vy5DACeMmN6
ALLNjBcnTx+VfZIiuPCDzdQ=
=ufwJ
-----END PGP SIGNATURE-----
Shiva Persaud
AIX Security Developer
Phone: 512-838-1192
shivapd@us.ibm.com
choi sungwoon
<monocat2@hanmail To: bugtraq@securityfocus.com
.net> cc:
Subject: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
02/17/2003 01:00
AM
Please respond to
Shiva Persaud
/*
Title: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
Vulnerability found by Esa Etelavoun, iDEFFENSE
Author: green(green@wowhacker.org), dragory(dragory@wowhacker.org)
Tested on AIX 4.3.3/RS6000
Reference: lsd-pl.net's exploit
Thanks to wowcode & overhead team at Wowhacker(http://www.wowhacker.org)
*/
I tested BOF in AIX lately.
These are exploits of /usr/bin/enq and /usr/bin/X11/aixterm in AIX.
(My system language is Korean...)
