Security Problem with AIX 3.2 and AIX 3.1.5 w/ PTF 2007

Security Problem with AIX 3.2 and AIX 3.1.5 w/ PTF 2007

Post by Steven Lebowi » Wed, 01 Apr 1992 22:08:32



SECURITY PROBLEM WITH AIX 3.2 and AIX 3.1.5 WITH PTF 2007                      

 March 30, 1992                                                                

 All users of AIX 3.2 and those users of AIX 3.1.5 with PTF 2007                
 installed have a security exposure for which a fix is available.              
 The passwd command on these systems will allow users access to                
 unauthorized files.  IBM has available a permanent fix for this                
 problem which will be automatically shipped to all affected                    
 licensees in the U.S.  Until users apply this fix it is recommended that      
 permission on the passwd command be changed by issuing the following          
 command from the user with root authority.  This will temporarily              
 restrict password updating for all other users until application of the        
 permanent fix.                                                                

                 chmod 500 /bin/passwd                                          

 Affected licensees can expect to receive the permanent fix by                  
 April 15, 1992.  Users who require the permanent solution prior to            
 receiving the automatic shipment from IBM should order the PTF for            
 APAR IX23505.  This fix may be ordered from Software Support at                
 1-800-237-5511 or by anonymous ftp from software.watson.ibm.com                
 on the Internet. To order via anonymous ftp on Internet, read                  
 the posting in comp.unix.aix.                                                  

 Shipments of AIX 3.1.5 Updates and AIX 3.2 scheduled after                    
 April 10, 1992 will incorporate the fix to this problem.                      

--
     Standard Disclaimer:  All opinions expressed are solely my own.
Steven Lebowitz                               IBM Federal Sector Division
(301) 564-2613                                6705 Rockledge Drive

 
 
 

Security Problem with AIX 3.2 and AIX 3.1.5 w/ PTF 2007

Post by Brutus Thornapp » Thu, 02 Apr 1992 07:22:03



Quote:>SECURITY PROBLEM WITH AIX 3.2 and AIX 3.1.5 WITH PTF 2007

[etc etc]

Quote:> APAR IX23505.  This fix may be ordered from Software Support at
> 1-800-237-5511 or by anonymous ftp from software.watson.ibm.com                
> on the Internet.

the fix for the 3.2 version is 268K or so. the anon. ftp server (IBM
RT) quits sending after 200K.  it's a problem i've seen on RTs before.
right now 3.2 sites can only get the fix through the 800 number.  can
someone fix this so that anon. ftp works?

thanks

eliot

 
 
 

Security Problem with AIX 3.2 and AIX 3.1.5 w/ PTF 2007

Post by Ronald Harv » Thu, 02 Apr 1992 09:56:24


The fix for 3.2 is really about 2MB in size, and I had no trouble pulling
it to my little 320H from way out here 40 hops from the center of the
universe.

Perhaps your transfer is going dormant and some machine is timing out
the connection?
--
Ronald B. Harvey, ICN 862-5234 or + 1 (602) 862-5234; FAX:  862-6105

 
 
 

Security Problem with AIX 3.2 and AIX 3.1.5 w/ PTF 2007

Post by Gerry Hawki » Sat, 04 Apr 1992 23:33:09



Quote:>SECURITY PROBLEM WITH AIX 3.2 and AIX 3.1.5 WITH PTF 2007

> IBM has available a permanent fix for this
> problem which will be automatically shipped to all affected
> licensees in the U.S.

                   ^^^
And in Canada??

>--
>     Standard Disclaimer:  All opinions expressed are solely my own.
>Steven Lebowitz                               IBM Federal Sector Division
>(301) 564-2613                                6705 Rockledge Drive


----------------------------------------|       ///\

A product of genius is also,            |     //  \\ __   Corporate Headquaters
a product of enthusiasm.                |    //    \\\/   TORONTO, Canada
 
 
 

1. PTF for IX32875 (AIX 3.2.x) ??

Dear AIX'er,

    does somebody know if there exists a PTF for AIX 3.2.x
for the APAR IX32875 yet?
The software support center Germany---Mainz is *NOT* able to
send me a fix for that problem :-((.

    The problem is, that an (mit) xterm is not correct logged in /etc/utmp
and no message exists for any xterm's. So no talk, write etc. is possible.

Thanks for your help,
please answer by PM,
Stefan

+------------------------------------------------------------------------------+
| Stefan A. Muehlenweg                                Institut fuer Meereskunde|

|                                                     Troplowitzstrasse 7      |
|                                                     D-2000 Hamburg 54        |
| telemail: ifm.hamburg -- Fax. +49 (40) 675 36 35 -- Tel. +49 (40) 4123 5745  |
+------------------------------------------------------------------------------+

2. test

3. AIX 3.1.5 (2007) Mail Problems

4. Object-Oriented Operating System

5. AIX 3.1 PUT Levels... 3005 or 2007?

6. ADVERT: Caesarion v8

7. How to map CECP <-> AIX Code for tn3270 for AIX 3.2?

8. Can Linux Read Windows NT File System (NTFS) ?

9. Need help with executables compiled on AIX 4.3 but being run on AIX 3.2

10. Install AIX V4.2.1 on H50 which installed AIX V4.3.2 already

11. AIX 3.2 vs AIX 4.1 Implementation of Berkeley sockets

12. Install package AiX 3.2 on AiX 4.3

13. Malloc AIX 3.1 vs. AIX 3.2