Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0678 -- [AIX] Multiple AIX vulnerabilities 26 September 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: fcstat ibstat inventory scout mkpath xlplm svprint swcons uucp perfstat kernel extension Publisher: IBM Operating System: AIX 5.2 AIX 5.3 Impact: Execute Arbitrary Code/Commands Delete Arbitrary Files Denial of Service Access: Remote/Unauthenticated CVE Names: CVE-2007-4791 CVE-2007-4792 CVE-2007-4793 CVE-2007-4794 CVE-2007-4795 CVE-2007-4796 CVE-2007-4797 CVE-2007-4798 CVE-2007-4799 Revision History: September 26 2007: IBM has updated the Terminal, fcstat, swcons and perfstat advisories September 6 2007: Added CVE references September 6 2007: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: September 5, 2007 =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: Multiple AIX vulnerabilities for the week of Sept. 3, 2007 PLATFORMS: AIX 5.2 & 5.3 SOLUTION: Apply the APAR, interim fix or workaround as described in the associated vulnerability advisories. THREAT: See individual advisories. CERT VU Number: n/a CVE Number: n/a =============================================================================== DETAILED INFORMATION I. OVERVIEW This advisory is intended to address multiple vulnerabilities found in the AIX operating system. These fixes can also be found in the following service packs, when available: AIX 5.2 TL10 SP3 AIX 5.3 TL06 SP4 Prior to service pack availability, fixes can be obtained by ordering the individual APARs for each fix. II. DESCRIPTION The following advisories are being issued for the week of Sept. 3, 2007. A. AIX fcstat buffer overflow vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3844 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3843 Reboot: NO Workarounds: YES B. IBM AIX ibstat buffer overflow vulnerability 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3845 Reboot: NO Workarounds: YES C. AIX inventory scout file deletion vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3847 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3846 Reboot: NO Workarounds: NO D. AIX mkpath buffer overflow vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3849 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3848 Reboot: NO Workarounds: YES E. AIX xlplm buffer overflow vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3854 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3853 Reboot: NO Workarounds: YES F. IBM AIX svprint commands buffer overflow vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3838 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3837 Reboot: NO Workarounds: YES G. AIX swcons buffer overflow vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3856 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3855 Reboot: NO Workarounds: YES H. AIX uucp UNIX-to-UNIX copy buffer overflow vulnerability 5.2 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3852 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3851 Reboot: NO Workarounds: YES I. AIX perfstat kernel extension denial of service vulnerability 5.3 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3850 Reboot: YES Workarounds: NO III. IMPACT The above vulnerabilities range from buffer overflow conditions to denial of service threats. These may allow users to execute arbitrary code with superuser privileges or deny the use of resources to other users. IV. PLATFORM VULNERABILITY ASSESSMENT See the specific advisories for details. V. SOLUTIONS A. APARS See the specific advisories for details. B. INTERIM FIXES See the specific advisories for details. C. INTERIM FIX INSTALLATION See the specific advisories for details. VI. WORKAROUNDS See the specific advisories for details. VII. OBTAINING FIXES AIX Version 5 APARs can be downloaded from: http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html Security related Interim Fixes can be downloaded from: ftp://aix.software.ibm.com/aix/efixes/security VII. CONTACT INFORMATION If you would like to receive AIX Security Advisories via email, please visit: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd Comments regarding the content of this announcement can be directed to: security-alert@austin.ibm.com To request the PGP public key that can be used to communicate securely with the AIX Security Team you can either: A. Send an email with "get key" in the subject line to: security-alert@austin.ibm.com B. Download the key from a PGP Public Key Server. The key ID is: 0x4265D862 Please contact your local IBM AIX support center for any assistance. eServer is a trademark of International Business Machines Corporation. IBM, AIX and pSeries are registered trademarks of International Business Machines Corporation. All other trademarks are property of their respective holders. VIII. ACKNOWLEDGMENTS These vulnerabilities were discovered internal to IBM as part of its commitment to securing the AIX operating system. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (AIX) iD8DBQFG3tUn0eNzcEJl2GIRAqtfAJwOTPpLkQ+I8O0JxLVS3CjsgO/FhACeICHn 2VuCAEi/lR3OlSvX+MB1QjI= =RRdJ - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Tue Sep 18 11:01:34 CDT 2007 =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: Updates to the text of four previously issued advisories. PLATFORMS: AIX 5.2 & 5.3 SOLUTION: Apply the APAR, interim fix or workaround as described in the associated vulnerability advisories. THREAT: See individual advisories. CERT VU Number: n/a CVE Number: n/a =============================================================================== DETAILED INFORMATION I. OVERVIEW Errors in the text of four previously issued advisories have been corrected. II. DESCRIPTION The following advisories have been updated: A. AIX capture Terminal Control Sequence Stack Buffer Overflow Vulnerability AIX 5.2: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3884 AIX 5.3: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3883 Reboot: NO Workarounds: YES B. AIX fcstat buffer overflow vulnerability AIX 5.2: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3886 AIX 5.3: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3885 Reboot: NO Workarounds: YES C. AIX swcons buffer overflow vulnerability AIX 5.2: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3889 AIX 5.3: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3888 Reboot: NO Workarounds: YES D. AIX perfstat kernel extension denial of service vulnerability AIX 5.3: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3887 Reboot: YES Workarounds: NO III. IMPACT The above vulnerabilities range from buffer overflow conditions to denial of service threats. These may allow users to execute arbitrary code with superuser privileges or deny the use of resources to other users. IV. PLATFORM VULNERABILITY ASSESSMENT See the specific advisories for details. V. SOLUTIONS A. APARS See the specific advisories for details. B. INTERIM FIXES See the specific advisories for details. C. INTERIM FIX INSTALLATION See the specific advisories for details. VI. WORKAROUNDS See the specific advisories for details. VII. OBTAINING FIXES AIX Version 5 APARs can be downloaded from: http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html Security related Interim Fixes can be downloaded from: ftp://aix.software.ibm.com/aix/efixes/security VIII. CONTACT INFORMATION If you would like to receive AIX Security Advisories via email, please visit: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd Comments regarding the content of this announcement can be directed to: security-alert@austin.ibm.com To request the PGP public key that can be used to communicate securely with the AIX Security Team you can either: A. Send an email with "get key" in the subject line to: security-alert@austin.ibm.com B. Download the key from a PGP Public Key Server. The key ID is: 0xA6A36CCC Please contact your local IBM AIX support center for any assistance. eServer is a trademark of International Business Machines Corporation. IBM, AIX and pSeries are registered trademarks of International Business Machines Corporation. All other trademarks are property of their respective holders. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (AIX) iD8DBQFG8DPG8lficKajbMwRAoEXAJ9mWRbZXW60JiKSVYF7vFhZoftk/gCffSHL tufIo9RMlByXmw5MaDdGtbI= =usHr - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRvn8ESh9+71yA2DNAQJ7mwP+J3xNOsaYp+AKYcICwqX/YgkBYKurw/3R Qa5L2H8p5strrd9hbRJj9HNj47T1DhCMvH691gSOvPE4EY99adXCdO0RXRSgmMjo w7SguxN3hO2AzCygBzwCzItdLI/GqWCqlnn00gmBoKzdRT++vji2dtJOs2vwknCd nUGt1FO2WlU= =ZseJ -----END PGP SIGNATURE-----