RE: Cluster 02: VEN-AIX
Don't worry; you're not the only one...

> -----Original Message-----
> From: Prosser, Mike [mailto:mike.prosser@L-3Security.com]
> Sent: Wednesday, June 30, 1999 3:49 PM
> To: cve-review@linus.mitre.org
> Subject: RE: Cluster 02: VEN-AIX
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yes,
> I know I am behind but humor me, it's been a rough couple of weeks!!!
> - -mike
>
> - -----Original Message-----
> From: Steven M. Christey [mailto:coley@linus.mitre.org]
> Sent: Thursday, June 17, 1999 2:06 PM
> To: cve-review@linus.mitre.org
> Subject: Cluster 02: VEN-AIX
>
> This cluster has 10 vulnerabilities.
>
> - ------------------------------------------
> Candidate: CAN-1999-0072
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:004.1
>
> Buffer overflow in AIX xdat gives root access to local users.
>
> Accept
>
> - ------------------------------------------
> Candidate: CAN-1999-0086
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1998:001.1
>
> AIX routed allows remote users to modify sensitive files.
>
> Modify: This vulnerability allows debug mode to be turned on which is
> the problem. Should this be more specific in the description? This
> one also affects SGI OSes, ref SGI Security Advisory 19981004-PX which
> is in the SGI cluster, shouldn't these be cross-referenced as the same
> vuln affects multiple OSes.
>
> - ------------------------------------------
> Candidate: CAN-1999-0088
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1998:004.1
>
> IRIX and AIX automountd services (autofsd) allow remote users to
> execute root commands.
> Modify: Include the SGI Alert as well since it is mentioned in the
> description.
> SGI Security Advisory 19981005-01-PX
>
> - ------------------------------------------
> Candidate: CAN-1999-0089
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:005.1
>
> Buffer overflow in AIX libDtSvc library can allow local users
> to gain root access.
>
> Modify: The overflow is in the dtaction utility. Also affects
> dtaction in the CDE on versions of SunOS (SUN 164). Probably should be
> specific.
> - ------------------------------------------
> Candidate: CAN-1999-0090
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:005.1
>
> Buffer overflow in AIX rcp command allows local users to obtain
> root access.
>
> Accept
> - ------------------------------------------
> Candidate: CAN-1999-0091
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:005.1
>
> Buffer overflow in AIX writesrv command allows local users to obtain
> root access.
>
> Accept
> - ------------------------------------------
> Candidate: CAN-1999-0093
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:008.1
>
> AIX nslookup command allows local users to obtain root access by not
> dropping privileges correctly.
>
> accept
> - ------------------------------------------
> Candidate: CAN-1999-0094
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:007.1
>
> AIX piodmgrsu command allows local users to gain additional
> group privileges.
>
> Accept
> - ------------------------------------------
> Candidate: CAN-1999-0097
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:009.1
>
> The AIX FTP client can be forced to execute commands from a malicious
> server through shell metacharacters, i.e. in files whose name begins
> with a pipe character.
>
> Modify: Concur with Adam's modification
>
> - ------------------------------------------
> Candidate: CAN-1999-0100
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:002.1
>
> Remote access in AIX innd 1.5.1, using control messages.
>
> accept
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.0.2
>
> iQA/AwUBN3p2yBIUaHPadf5hEQJp1QCePG0LtqQfTfKyr/0c8Jj9zkmKw+UAmQFD
> 4ivqnyIWOXg92l18+TvytgoU
> =4OSd
> -----END PGP SIGNATURE-----