Re: AIX 4.2 dtterm exploit

Bollinger (troy@AUSTIN.IBM.COM)
Tue, 20 May 1997 17:23:46 -0500

-----BEGIN PGP SIGNED MESSAGE-----

Georgi Guninski wrote:
>
> There is a buffer overflow in /usr/dt/bin/dtterm and/or in libXt which
> spawns a root shell.
>

This looks alot like CERT CA-97.11 "Vulnerability in libXt.a". Do
you have the APARs for this installed?

- -------------------- 8< --------------------

IBM Corporation
===============
See the appropriate release below to determine your action.

AIX 3.2
-------
Apply the following fix to your system:

APAR - IX61784,IX67047,IX66713 (PTF - U445908,U447740)

To determine if you have this PTF on your system, run the following
command:

lslpp -lB U445908 U447740

AIX 4.1
-------
Apply the following fix to your system:

APAR - IX61031 IX66736 IX66449

To determine if you have this APAR on your system, run the following
command:

instfix -ik IX61031 IX66736 IX66449

Or run the following command:

lslpp -h X11.base.lib

Your version of X11.base.lib should be 4.1.5.2 or later.

AIX 4.2
-------
Apply the following fix to your system:

APAR - IX66824 IX66352

To determine if you have this APAR on your system, run the following
command:

instfix -ik IX66824 IX66352

Or run the following command:

lslpp -h X11.base.lib

Your version of X11.base.lib should be 4.2.1.0 or later.

To Order
--------
APARs may be ordered using Electronic Fix Distribution (via FixDist)
or from the IBM Support Center. For more information on FixDist,
reference URL:

http://service.software.ibm.com/aixsupport/

or send e-mail to aixserv@austin.ibm.com with a subject of "FixDist".

IBM and AIX are registered trademarks of International Business Machines
Corporation.

- --
+-------------- I do not speak for IBM! -----------------+
|Troy Bollinger | 92CBR600F2|
|AIX Security Development | troy@austin.ibm.com|
+----------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBM4IkcQsPbaL1YgqvAQGWggP8CPrLpK4ceUZ86deWtIVzeXwuqX2OixkM
s113q15+vDBbv5cHLRYks6BVujAFKS6S2QdZGqjrEyFGJfiQeAwZfHU26W/Wi6E+
8HUHGj1aMHMtxBSBFNGuj97lCRHKrXrPA3xMCCnXgRnLM8dahv31WE3sZ1BVeN4d
2iqFqYNoE1s=
=3d1z
-----END PGP SIGNATURE-----