Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0678 -- [AIX]
Multiple AIX vulnerabilities
26 September 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: fcstat
ibstat
inventory scout
mkpath
xlplm
svprint
swcons
uucp
perfstat kernel extension
Publisher: IBM
Operating System: AIX 5.2
AIX 5.3
Impact: Execute Arbitrary Code/Commands
Delete Arbitrary Files
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2007-4791 CVE-2007-4792 CVE-2007-4793
CVE-2007-4794 CVE-2007-4795 CVE-2007-4796
CVE-2007-4797 CVE-2007-4798 CVE-2007-4799
Revision History: September 26 2007: IBM has updated the Terminal, fcstat,
swcons and perfstat advisories
September 6 2007: Added CVE references
September 6 2007: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: September 5, 2007
===============================================================================
VULNERABILITY SUMMARY
VULNERABILITY: Multiple AIX vulnerabilities for the week of Sept. 3, 2007
PLATFORMS: AIX 5.2 & 5.3
SOLUTION: Apply the APAR, interim fix or workaround as described
in the associated vulnerability advisories.
THREAT: See individual advisories.
CERT VU Number: n/a
CVE Number: n/a
===============================================================================
DETAILED INFORMATION
I. OVERVIEW
This advisory is intended to address multiple vulnerabilities found in the
AIX operating system. These fixes can also be found in the following
service packs, when available:
AIX 5.2 TL10 SP3
AIX 5.3 TL06 SP4
Prior to service pack availability, fixes can be obtained by ordering
the individual APARs for each fix.
II. DESCRIPTION
The following advisories are being issued for the week of Sept. 3, 2007.
A. AIX fcstat buffer overflow vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3844
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3843
Reboot: NO
Workarounds: YES
B. IBM AIX ibstat buffer overflow vulnerability
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3845
Reboot: NO
Workarounds: YES
C. AIX inventory scout file deletion vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3847
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3846
Reboot: NO
Workarounds: NO
D. AIX mkpath buffer overflow vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3849
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3848
Reboot: NO
Workarounds: YES
E. AIX xlplm buffer overflow vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3854
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3853
Reboot: NO
Workarounds: YES
F. IBM AIX svprint commands buffer overflow vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3838
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3837
Reboot: NO
Workarounds: YES
G. AIX swcons buffer overflow vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3856
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3855
Reboot: NO
Workarounds: YES
H. AIX uucp UNIX-to-UNIX copy buffer overflow vulnerability
5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3852
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3851
Reboot: NO
Workarounds: YES
I. AIX perfstat kernel extension denial of service vulnerability
5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3850
Reboot: YES
Workarounds: NO
III. IMPACT
The above vulnerabilities range from buffer overflow conditions to denial
of service threats. These may allow users to execute arbitrary code with
superuser privileges or deny the use of resources to other users.
IV. PLATFORM VULNERABILITY ASSESSMENT
See the specific advisories for details.
V. SOLUTIONS
A. APARS
See the specific advisories for details.
B. INTERIM FIXES
See the specific advisories for details.
C. INTERIM FIX INSTALLATION
See the specific advisories for details.
VI. WORKAROUNDS
See the specific advisories for details.
VII. OBTAINING FIXES
AIX Version 5 APARs can be downloaded from:
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html
Security related Interim Fixes can be downloaded from:
ftp://aix.software.ibm.com/aix/efixes/security
VII. CONTACT INFORMATION
If you would like to receive AIX Security Advisories via email, please
visit:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd
Comments regarding the content of this announcement can be directed to:
security-alert@austin.ibm.com
To request the PGP public key that can be used to communicate
securely with the AIX Security Team you can either:
A. Send an email with "get key" in the subject line to:
security-alert@austin.ibm.com
B. Download the key from a PGP Public Key Server. The key ID is:
0x4265D862
Please contact your local IBM AIX support center for any assistance.
eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
VIII. ACKNOWLEDGMENTS
These vulnerabilities were discovered internal to IBM as part of its
commitment to securing the AIX operating system.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)
iD8DBQFG3tUn0eNzcEJl2GIRAqtfAJwOTPpLkQ+I8O0JxLVS3CjsgO/FhACeICHn
2VuCAEi/lR3OlSvX+MB1QjI=
=RRdJ
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: Tue Sep 18 11:01:34 CDT 2007
===============================================================================
VULNERABILITY SUMMARY
VULNERABILITY: Updates to the text of four previously issued advisories.
PLATFORMS: AIX 5.2 & 5.3
SOLUTION: Apply the APAR, interim fix or workaround as described
in the associated vulnerability advisories.
THREAT: See individual advisories.
CERT VU Number: n/a
CVE Number: n/a
===============================================================================
DETAILED INFORMATION
I. OVERVIEW
Errors in the text of four previously issued advisories have been
corrected.
II. DESCRIPTION
The following advisories have been updated:
A. AIX capture Terminal Control Sequence Stack Buffer Overflow
Vulnerability
AIX 5.2:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3884
AIX 5.3:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3883
Reboot: NO
Workarounds: YES
B. AIX fcstat buffer overflow vulnerability
AIX 5.2:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3886
AIX 5.3:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3885
Reboot: NO
Workarounds: YES
C. AIX swcons buffer overflow vulnerability
AIX 5.2:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3889
AIX 5.3:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3888
Reboot: NO
Workarounds: YES
D. AIX perfstat kernel extension denial of service vulnerability
AIX 5.3:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3887
Reboot: YES
Workarounds: NO
III. IMPACT
The above vulnerabilities range from buffer overflow conditions to denial
of service threats. These may allow users to execute arbitrary code with
superuser privileges or deny the use of resources to other users.
IV. PLATFORM VULNERABILITY ASSESSMENT
See the specific advisories for details.
V. SOLUTIONS
A. APARS
See the specific advisories for details.
B. INTERIM FIXES
See the specific advisories for details.
C. INTERIM FIX INSTALLATION
See the specific advisories for details.
VI. WORKAROUNDS
See the specific advisories for details.
VII. OBTAINING FIXES
AIX Version 5 APARs can be downloaded from:
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html
Security related Interim Fixes can be downloaded from:
ftp://aix.software.ibm.com/aix/efixes/security
VIII. CONTACT INFORMATION
If you would like to receive AIX Security Advisories via email, please
visit:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd
Comments regarding the content of this announcement can be directed to:
security-alert@austin.ibm.com
To request the PGP public key that can be used to communicate
securely with the AIX Security Team you can either:
A. Send an email with "get key" in the subject line to:
security-alert@austin.ibm.com
B. Download the key from a PGP Public Key Server. The key ID is:
0xA6A36CCC
Please contact your local IBM AIX support center for any assistance.
eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)
iD8DBQFG8DPG8lficKajbMwRAoEXAJ9mWRbZXW60JiKSVYF7vFhZoftk/gCffSHL
tufIo9RMlByXmw5MaDdGtbI=
=usHr
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRvn8ESh9+71yA2DNAQJ7mwP+J3xNOsaYp+AKYcICwqX/YgkBYKurw/3R
Qa5L2H8p5strrd9hbRJj9HNj47T1DhCMvH691gSOvPE4EY99adXCdO0RXRSgmMjo
w7SguxN3hO2AzCygBzwCzItdLI/GqWCqlnn00gmBoKzdRT++vji2dtJOs2vwknCd
nUGt1FO2WlU=
=ZseJ
-----END PGP SIGNATURE-----