Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login

From: Florian Weimer (Florian.Weimerat_private-Stuttgart.DE)
Date: Thu Dec 13 2001 - 03:04:03 PST

    CERT Advisory <cert-advisoryat_private> writes:
    
    > IBM
    > 
    >    IBM's  AIX  operating system, versions 4.3 and 5.1, are susceptible to
    >    this  vulnerability.
    
    Previous versions of AIX seem to be affected, too.  At least AIX 4.2
    comes with a login implementation which offers the same environment
    variable passing functionality found in AIX 4.3, and passing large
    numbers of arguments results in strange behavior.  The tested login
    implementation seems to be contained in:
    
      Fileset                      Level  State  Description 
      ---------------------------------------------------------------------------- 
      bos.rte.security           4.2.1.0    C    Base Security Function 
                                 4.2.1.1    C    Base Security Function 
    
    -- 
    Florian Weimer 	                  Florian.Weimerat_private-Stuttgart.DE
    University of Stuttgart           http://cert.uni-stuttgart.de/
    RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
    


