infod su AIX
il programma infod su AIX, che server per leggere la documentazione sul
S.O. e sul software, e' affetto da bug che permetterebbero ad utenti
locali di acquisire privilegi di root. nel bollettino sono indicate le
contromisure da prendere o le patch da installare.
--- [CREDIT] --------------------------------------------------------------
Andrew Green: Discovered the vulnerability
Mark Zielinski: Author of the advisory
--- [SUMMARY] -------------------------------------------------------------
Announced: November 09, 1998
Report code: RSI.0011.11-12-98.AIX.INFOD
Report title: AIX infod
Vulnerability: Please see the details section
Vendor status: AIX contacted on November 12, 1998
Patch status: IBM is currently working on several fixes
Platforms: AIX 3.2.x, 4.1.x, 4.2.x, 4.3.x
Reference: http://www.repsec.com/advisories.html
Impact: If exploited, an attacker could potentially compromise
root access locally on your server
--- [DETAILS] -------------------------------------------------------------
Description: The Info Explorer daemon is a AIX utility which is used
to provide documentation for the operating system and
associated programs.
Problem: The info daemon does not perform any validation on information
passed to the local socket that it is bound to. Users on the
system can send false information to the daemon and trick
it into spawning a connection to the intruders X display.
Details: By sending a UID and GID of 0, along with a false environment,
infod will be forced into spawning a connection with root
privileges to the intruder's X display.
Once the program appears on the screen, they can goto
the default options menu and change the printer command
line to an alternate binary such as /bin/sh that gives
privileges to the account the session was spawned under.
--- [FIX] -----------------------------------------------------------------
Solution: IBM is currently working on the following fixes which will be
available soon:
AIX 3.2.x: upgrade to version 4
AIX 4.1.x: IX84640
AIX 4.2.x: IX84641
AIX 4.3.x: IX84642
Until the fixes can be applied, the infod daemon should be disabled.
Run the following commands as root:
# stopsrc -s infod
# rmitab infod
# chown root.system /usr/lpp/info/bin/infod
# chmod 0 /usr/lpp/info/bin/infod
---------------------------------------------------------------------------
Repent Security Incorporated (RSI)
13610 N. Scottsdale Rd.
Suite #10-326
Scottsdale, AZ 85254
E-Mail: advise@repsec.com
FTP: ftp://ftp.repsec.com
WWW: http://www.repsec.com
---------------------------------------------------------------------------
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzU6dqAAAAEEAOHt9a5vevjD8ZjsEmncEbFp2U7aeqvPTcF/8FJMilgOVp75
dshXvZixHsYU7flgCNzA7wLIQPWBQBrweLG6dx9gE9e5Ca6yAJxZg8wNsi06tZfP
nvmvf6F/7xoWS5Ei4k3YKuzscxlyePNNKws6uUe2ZmwVoB+i3HHT44dOafMhAAUT
tBpSZXBTZWMgPGFkdmlzZUByZXBzZWMuY29tPg==
=ro8H
-----END PGP PUBLIC KEY BLOCK-----