Re: (forw) rsh bufferoverflow on AIX 4.2

From: Troy Bollinger (troyat_private)
Date: Tue Jun 12 2001 - 10:02:50 PDT


    Quoting ymcat_private:
    > From: "ox" <ymcat_private>
    > To: <bugtraqat_private>
    > Subject: rsh bufferoverflow on AIX 4.2 
    > Date: Tue, 12 Jun 2001 11:40:20 +0800
    > Message-ID: <NFBBLJDKGKGPELLLMCNEOELICAAA.ymcat_private>
    > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
    > 
    > Hello bugtraq, 
    > 
    > I am sorry if this problem has been found before. It is a
    > buffer overflow that I found in both /usr/bin/rsh and
    > /usr/lpp/ssp/rcmd/bin/rsh.
    > 
    
    Hi,
    Based on the gdb session you've given, it appears that this is the same
    vulnerability as reported to bugtraq back in 1996.  It can be fixed by
    applying one of the following APARs:
    
       Abstract:  buffer overflow in gethostbyname()
       3.2 APAR:  IX60927
       4.1 APAR:  IX61019
       4.2 APAR:  IX62144
    
    If you have further questions regarding this vulnerability or other AIX
    security issues, you can reach the AIX security team at:
    
       mailto:security-alertat_private
    
    -- 
    Troy Bollinger <troyat_private>
    Network Security Analyst
    PGP keyid: 1024/0xB7783129
    Troy's opinions are not IBM policy
    


