IBM eNetwork Firewall for AIX

From: Paul Cammidge (paulat_private)
Date: Tue May 25 1999 - 12:33:53 PDT


    The IBM eNetwork Firewall for AIX contains some poorly written scripts,
    which create temporary files in /tmp without making any attempt to
    validate the existence of the file.  This allows any user with shell
    access to such a firewall to corrupt or possibly modify system files by
    creating links, pipes, etc. with the same name.
    
    In a simple example submitted to IBM, /etc/passwd was overwritten.  This
    example has been published on one of their support web pages as a 'local
    fix'.
    
    The problem was reported to IBM early in January.  To the best of my
    knowledge, the correct procedures have been followed.  Initially, IBM
    responded by telling me that it was common practice for software to make
    use of /tmp.  They suggested changing the permissions to prevent users
    from creating symbolic links to sensitive files.
    
    An APAR (IR39562) was opened on 18/01/99 and closed on 13/03/99.  The
    fix has not yet been released.  This definitely applies to version 3.2,
    and probably others.
    
    Anyone who is running this software and has users with shell accounts
    should be aware that the potential exists for these users to corrupt
    files which they don't have access to.
    
    cheers
    paul
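
The temporary-file weakness described in the message above, shown next to a hardened form, as an added example that is not part of the original post and not IBM's code. The function names, the `fwlog` file name and the scratch-directory layout are hypothetical, the sample data is constructed, and the script assumes a `mktemp` utility is available.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a scratch directory, and a
# sentinel file stands in for a system file. All names are hypothetical.

# Weak pattern: a fixed, guessable name in a shared directory. The redirection
# follows whatever already sits at that path, including a symbolic link.
unsafe_write() {   # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/fwlog.tmp"
}

# Hardened pattern: mktemp -d atomically creates a new mode-0700 directory
# with a random suffix and fails rather than reuse an existing name, so
# nothing inside it can have been placed there in advance by another user.
safe_write() {     # $1 = shared dir, $2 = data; prints the path written
    workdir=$(umask 077 && mktemp -d "$1/fwlog.XXXXXXXX") || return 1
    printf '%s\n' "$2" > "$workdir/fwlog.tmp" || return 1
    printf '%s\n' "$workdir/fwlog.tmp"
}

# Run one writer against a shared directory in which the guessable name is
# already a link to the sentinel, then print the sentinel's content.
demo() {           # $1 = unsafe_write | safe_write
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXXXX") || return 1
    mkdir "$scratch/shared"
    printf 'original\n' > "$scratch/sentinel"
    ln -s "$scratch/sentinel" "$scratch/shared/fwlog.tmp"
    "$1" "$scratch/shared" "script output" > /dev/null
    cat "$scratch/sentinel"
    rm -rf "$scratch"
}

echo "sentinel after unsafe_write: $(demo unsafe_write)"
echo "sentinel after safe_write:   $(demo safe_write)"
```

In a real script the private directory would also be removed on exit, for example with a `trap` handler.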
    