Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.0551 -- [AIX] Multiple AIX advisories 27 May 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: errpt ftpd iostat kernel OpenSSH pioout Publisher: IBM Operating System: AIX 5.2, 5.3, 6.1 Impact: Root Compromise Access Privileged Data Increased Privileges Access: Existing Account CVE Names: CVE-2007-5764 CVE-1999-0201 CVE-2008-1483 CVE-2008-1657 Ref: ESB-2008.0410 Original Bulletin: http://aix.software.ibm.com/aix/efixes/security/pioout_advisory.asc http://aix.software.ibm.com/aix/efixes/security/unix_advisory.asc http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc Comment: This bulletin contains 6 security advisories. Please note that in order to exploit these vulnerabilities local or authenticated access is required, except for the minor information disclosure vulnerability in ftpd. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Wed May 21 11:55:27 CDT 2008 =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: Multiple AIX advisories issued on May 21, 2008 PLATFORMS: AIX 5.2, 5.3, and 6.1 SOLUTION: Apply the fix, interim fix or workaround as described in the associated vulnerability advisories. THREAT: See individual advisories. CERT VU Number: n/a CVE Number: n/a =============================================================================== DETAILED INFORMATION I. OVERVIEW This advisory addresses multiple vulnerabilities found in the AIX operating system. See the individual advisories for service pack availability dates. II. DESCRIPTION The following advisories are being issued on May 21, 2008: A. UPDATE AIX pioout buffer overflow Advisory: http://aix.software.ibm.com/aix/efixes/security/pioout_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/pioout_advisory.asc Fix: http://aix.software.ibm.com/aix/efixes/security/pioout_ifix.tar ftp://aix.software.ibm.com/aix/efixes/security/pioout_ifix.tar Reboot: NO Workarounds: YES B. AIX unix kernel buffer overflow Advisory: http://aix.software.ibm.com/aix/efixes/security/unix_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/unix_advisory.asc Fix: http://aix.software.ibm.com/aix/efixes/security/unix_fix.tar ftp://aix.software.ibm.com/aix/efixes/security/unix_fix.tar Reboot: YES Workarounds: NO C. AIX errpt buffer overflow Advisory: http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc Fix: http://aix.software.ibm.com/aix/efixes/security/errpt_fix.tar ftp://aix.software.ibm.com/aix/efixes/security/errpt_fix.tar Reboot: NO Workarounds: YES D. AIX anonymous ftpd information leak Advisory: http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc Fix: http://aix.software.ibm.com/aix/efixes/security/ftpd_fix.tar ftp://aix.software.ibm.com/aix/efixes/security/ftpd_fix.tar Reboot: NO Workarounds: NO E. AIX iostat environment variable error Advisory: http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc Fix: http://aix.software.ibm.com/aix/efixes/security/iostat_fix.tar ftp://aix.software.ibm.com/aix/efixes/security/iostat_fix.tar Reboot: NO Workarounds: YES F. AIX OpenSSH multiple vulnerabilities Advisory: http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc Fix: AIX 5.2: http://downloads.sourceforge.net/openssh-aix/openssh-4.7_5201.tar.Z AIX 5.3: http://downloads.sourceforge.net/openssh-aix/openssh-4.7_5301.tar.Z AIX 6.1: http://downloads.sourceforge.net/openssh-aix/openssh-4.7_5301aix61.tar.Z Reboot: NO Workarounds: NO III. IMPACT See the specific advisories for details. IV. PLATFORM VULNERABILITY ASSESSMENT See the specific advisories for details. V. SOLUTIONS A. APARS See the specific advisories for details. B. FIXES See the specific advisories for details. C. FIX INSTALLATION See the specific advisories for details. VI. WORKAROUNDS See the specific advisories for details. VII. OBTAINING FIXES Security fixes can be downloaded from: http://aix.software.ibm.com/aix/efixes/security ftp://aix.software.ibm.com/aix/efixes/security AIX fixes can be downloaded from: http://www.ibm.com/eserver/support/fixes/fixcentral/main/pseries/aix NOTE: Affected customers are urged to upgrade to the latest applicable Technology Level and Service Pack. VIII. CONTACT INFORMATION If you would like to receive AIX Security Advisories via email, please visit: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd Comments regarding the content of this announcement can be directed to: security-alert@austin.ibm.com To request the PGP public key that can be used to communicate securely with the AIX Security Team you can either: A. Send an email with "get key" in the subject line to: security-alert@austin.ibm.com B. Download the key from a PGP Public Key Server. The key ID is: 0xADA6EB4D Please contact your local IBM AIX support center for any assistance. eServer is a trademark of International Business Machines Corporation. IBM, AIX and pSeries are registered trademarks of International Business Machines Corporation. All other trademarks are property of their respective holders. IX. ACKNOWLEDGMENTS See the specific advisories for details. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (AIX) iD8DBQFINGCqP9Qud62m600RAowRAJ47Fe2qIJkITN9ugGjexJ+cWTDJMQCgypHs SeDl/SPe4XnoQ5dEcRQG4GE= =aIXj - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBSDtjOSh9+71yA2DNAQI9EgP/WmXVOwG5C+gKtXb/JEhgv+YdYXqumZFn G8klOcLygU3Fq24S2J4chZEW0xFcsSr6R6K62BIVTLXHb0pNXSRvxyhZN98eM8/a 4/tpgqxUgj7J9zkVBVkNrqrB3Gtg53iOFeYLfrqPK8qluLLsMDf2AbgLXrEx4kqH 6kCGMz3dkCY= =YM/i -----END PGP SIGNATURE-----