[28941] in bugtraq
Re: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
daemon@ATHENA.MIT.EDU (Keith Stevenson)
Wed Feb 19 12:20:02 2003
Date: Tue, 18 Feb 2003 06:23:22 -0500
From: Keith Stevenson <keith.stevenson@louisville.edu>
To: choi sungwoon <monocat2@hanmail.net>
Message-ID: <20030218112322.GA17728@osaka.louisville.edu>
In-Reply-To: <20030217070023.9605.qmail@mail.securityfocus.com>
On Mon, Feb 17, 2003 at 07:00:23AM -0000, choi sungwoon wrote:
>
> 1. /usr/bin/enq
> /*
> http://online.securityfocus.com/bid/2034

This one is quite old. As referenced in the above URL, enq is fixed by APAR
IY08143. The vulnerability was resolved in filesets:

    bos.rte.printers:4.3.3.1
    printers.rte:4.3.3.11

>
> 2. /usr/bin/X11/aixterm
> /*
> [dragory@aix dragory]$ cp /usr/bin/X11/aixterm ./test
> [dragory@aix dragory]$ ./test -display x.x.x.x:0 -im `perl -e 'print "x"x400'`
> Segmentation fault (core dumped)

You appear to be overflowing the input method identifier here. I don't see
anything explicitly mentioning this vulnerability in IBM's patch database. I
would be very interested in seeing the output of 'oslevel -r' and
'lslpp -al X11.apps.aixterm' on your test system.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
keith.stevenson@louisville.edu
GPG key fingerprint = 332D 97F0 6321 F00F 8EE7 2D44 00D8 F384 75BB 89AE
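
A check for the fileset levels named in the reply above, as an added example that is not part of the original message: it reads colon-separated `lslpp -Lqc` style output and compares each level field by field against the fixed levels quoted for APAR IY08143. The `package:fileset:level:...` layout is an assumption, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example; the fixed levels are the ones quoted in the message above.
FIXED_LEVELS='bos.rte.printers 4.3.3.1
printers.rte 4.3.3.11'

# Constructed sample in the assumed `lslpp -Lqc` layout
# (package:fileset:level:...); descriptions are made up.
SAMPLE='bos.rte:bos.rte.printers:4.3.3.0: : :C: :constructed sample line
printers.rte:printers.rte:4.3.3.11: : :C: :constructed sample line'

# ver_ge A B: succeed when dotted level A >= B. Fields are compared as
# numbers, so 4.3.3.11 ranks above 4.3.3.2 (a string compare gets this wrong).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_filesets: read lslpp-style lines on stdin, print one verdict per
# fileset in FIXED_LEVELS, return 1 if any installed fileset is below the fix.
check_filesets() {
    input=$(cat)
    rc=0
    while read -r fileset fixed; do
        level=$(printf '%s\n' "$input" |
                awk -F: -v f="$fileset" '$2 == f { print $3; exit }')
        if [ -z "$level" ]; then
            echo "$fileset not-installed"
        elif ver_ge "$level" "$fixed"; then
            echo "$fileset $level at-or-above-fix"
        else
            echo "$fileset $level below-fix (needs $fixed)"
            rc=1
        fi
    done <<EOF
$FIXED_LEVELS
EOF
    return $rc
}

# Demo on the constructed sample. On a real host, feed it instead:
#   lslpp -Lqc bos.rte.printers printers.rte | check_filesets
printf '%s\n' "$SAMPLE" | check_filesets || true
```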