APR-22-2004-CONSOLE
Published: 2004-04-22 16:55:30
Updated: 2004-06-07 16:55:30
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: Thu Apr 22 15:17:51 CDT 2004
|Updated: Mon Jun 7 15:47:06 CDT 2004
|Updated: Removed efix information
|Updated: Updated APAR availability information
===========================================================================
VULNERABILITY SUMMARY
VULNERABILITY: symlink vulnerabilities in console commands.
PLATFORMS: AIX 5.1 and 5.2.
|Updated: Mon Jun 7 15:47:06 CDT 2004
|Updated: Removed efix information
|SOLUTION: Apply the APARs as described below.
THREAT: A local attacker may cause data destruction or a denial
of service.
CERT VU Number: N/A
CVE Number: N/A
===========================================================================
DETAILED INFORMATION
I. Description
===============
A symlink vulnerability was discovered in some console commands that allow
an attacker to overwrite arbitrary system files. This could lead to data
destruction or a denial of service. Successful exploitation of this issue
would require the root user to execute the vulnerable commands and
unintentionally write to the source file of a symbolic link created by
the attacker. In some cases a non-root user in the system group may exploit
this vulnerability. These issues were discovered internally; at this time
there are no known exploits in the wild.
The commands affected by these issues ship as part of the bos.rte.console
and bos.rte.serv_aid filesets. To determine if these filesets are
installed, execute the following commands:
# lslpp -L bos.rte.console bos.rte.serv_aid
If the filesets are installed they will be listed along with their version
information, state, type and a description.
II. Impact
==========
A local attacker may cause data destruction or a denial of service.
III. Solutions
===============
A. Official Fix
IBM provides the following fixes:
|Updated: Mon Jun 7 15:47:06 CDT 2004
|Updated: Updated APAR availability information
|
| APAR number for AIX 5.1.0: IY55790 (available)
| APAR number for AIX 5.2.0: IY55789 (available)
NOTE: Affected customers are urged to upgrade to 5.1.0 or 5.2.0 at
the latest maintenance level.
|Updated: Mon Jun 7 15:47:06 CDT 2004
|Updated: Removed efix information
IV. Obtaining Fixes
===================
AIX Version 5 APARs can be downloaded from the eServer pSeries Fix Central
web site:
http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
Security related Emergency Fixes can be downloaded from:
ftp://aix.software.ibm.com/aix/efixes/security
V. Contact Information
========================
If you would like to receive AIX Security Advisories via email, please visit:
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs
Comments regarding the content of this announcement can be directed to:
security-alert@austin.ibm.com
To request the PGP public key that can be used to communicate securely
with the AIX Security Team send email to security-alert@austin.ibm.com
with a subject of "get key". The key can also be downloaded from a
PGP Public Key Server. The key id is 0x3AE561C3.
Please contact your local IBM AIX support center for any assistance.
eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
iD8DBQFAxOSb+0ah+jrlYcMRArgoAKDzcibxmqendTLxx3k15RvmATGetgCg6Bmd
YSYywRii+v59+J9zg3H/1FY=
=kc9t
-----END PGP SIGNATURE-----
