Re: aix 4.2 4.3.1, adb

From: Troy A. Bollinger (troyat_private)
Date: Tue Jul 13 1999 - 19:37:01 PDT


    
    Quoting GZ Apple (gzappleat_private):
    >
    > Local users can halt the operating system by 'adb' command under my AIX
    > box.
    >
    
    This affects AIX 4.2.x and 4.3.x (including 4.3.2).  We're still working
    on the official fix, but here's an excerpt from the soon-to-be-released
    advisory.
    
    Any questions regarding this vulnerability or other AIX security holes
    can be sent to security-alertat_private
    
    --------------------   8<   --------------------
    
        A temporary fix is available via anonymous ftp from:
    
           ftp://aix.software.ibm.com/aix/efixes/security/adb_hang.tar.Z
    
        Filename                 sum              md5
        ======================================================================
        unix_mp.42.adb_hang_fix  00772  2693  960214a1945f2c70311283adc0b231a3
        unix_mp.43.adb_hang_fix  15044  3302  584d1c5ea0223110e2d8eba84388f526
    
    
        This temporary fix has not been fully regression tested.  The fix
        consists of a multiprocessor kernel which can be used on either a
        uniprocessor or multiprocessor machine.  There may be a slight
        performance penalty when using a multiprocessor kernel on a
        uniprocessor machine.
    
        Use the following steps (as root) to install the temporary fix:
    
        1.  Determine the version of the kernel fileset on your machine.
    
            # lslpp -l <fileset>
    
            If the version of the kernel fileset for your machine is not at
            the level described below, install the requisite APAR listed.
            This will help ensure that the temporary kernel fix will run
            properly.
    
            Release        Fileset            Version        requisite APAR
            ===============================================================
            AIX 4.2.x      bos.mp or bos.up   4.2.1.23       IY00689
            AIX 4.3.x      bos.mp or bos.up   4.3.2.8        IY00727
    
        2. Uncompress and extract the fix.
    
            # uncompress < adb_hang.tar.Z | tar xf -
            # cd adb_hang
    
        3. Review and run the adb_hang.sh script to install the new kernel.
    
            # view ./adb_hang.sh
            # ./adb_hang.sh
    
        4. Reboot.
    
    
    --
    Troy Bollinger                            troyat_private
    AIX Security Development        security-alertat_private
    PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
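
As an added example (not part of the original message or the IBM advisory), the shell function below checks the extracted kernel files against the md5 column of the advisory table before `adb_hang.sh` is run. It assumes `md5sum` or `openssl` is on the PATH and that both listed files sit in the extracted `adb_hang` directory; `verify_fix` and `md5_of` are names chosen for this example.

```shell
#!/bin/sh
# Added example: compare the extracted kernels with the advisory's md5 column
# before running adb_hang.sh. Assumes md5sum or openssl is installed.

# Filename and md5 pairs copied from the advisory table in the message.
ADVISORY_MD5='unix_mp.42.adb_hang_fix 960214a1945f2c70311283adc0b231a3
unix_mp.43.adb_hang_fix 584d1c5ea0223110e2d8eba84388f526'

# Print the lowercase hex md5 of one file.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    else
        openssl dgst -md5 -r < "$1" | awk '{print $1}'
    fi
}

# verify_fix DIR [MANIFEST]
# MANIFEST is "filename md5" per line and defaults to the advisory values.
# Returns 0 only if every listed file exists in DIR and its md5 matches.
verify_fix() {
    dir=$1
    manifest=${2:-$ADVISORY_MD5}
    rc=0
    while read -r name want; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(md5_of "$dir/$name")
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got, advisory says $want)"; rc=1
        fi
    done <<EOF
$manifest
EOF
    return $rc
}

# Usage, from the directory that holds the extracted adb_hang/ directory:
#   verify_fix ./adb_hang && view ./adb_hang/adb_hang.sh
```

A non-zero return means at least one file is missing or differs from the advisory, and the install script should not be run.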
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:10 PDT