From: Jarzombek, Svend (Svend.Jarzombek@ALCOA.COM)
Date: Fri Feb 27 2004 - 02:55:59 EST
Hi Ruby,
see attached TSB.
Svend
-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Ruby Domalanta
Sent: Freitag, 27. Februar 2004 08:51
To: aix-l@Princeton.EDU
Subject: X font information buffer overflow in AIX
Hi Guys,
We had get some reports that AIX X-server has this vulnerability in
"font.alias" file parsing privilege. It stated from the article that
there is a potential exploitation of a buffer overflow in the X-server.
Would the IBM really acknowledge this report?
<http://secunia.com/advisories/10922>
http://secunia.com/advisories/10922
Any comments/suggestions is really appreciated.
Thanks,
Ruby Ann Domalanta
attached mail follows:
You have received this email because svend.jarzombek@alcoa.com is subscribed to support bulletins for selected topics. Following are updates for one or more of the topics you requested.
BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: Wed Feb 18 10:55:22 CST 2004
| Updated: Thu Feb 19 14:24:49 CST 2004
| Modified efix package information.
===========================================================================
VULNERABILITY SUMMARY
VULNERABILITY: A buffer overflow that exists in the X server
can be exploited to gain root privileges.
PLATFORMS: AIX 4.3, 5.1 and 5.2.
SOLUTION: Apply the efixes or APARs as described below.
THREAT: A local attacker can gain root privileges.
CERT VU Number: n/a
CVE Number: CAN-2004-0083
===========================================================================
DETAILED INFORMATION
I. Description
===============
A buffer overflow exists in the X server.
This vulnerability can be exploited by an attacker who has the ability
to modify the fonts.alias file used by the X server and perform operations
against the X server. The fonts.alias file can only be modified by
root; this makes it difficult for an attacker to exploit this vulnerability.
X ships as part of the X11.base.rte fileset. To determine if this fileset
is installed, execute the following command:
# lslpp -L X11.base.rte
If the fileset is installed it will be listed along with their version
information, state, type and a description.
II. Impact
==========
A local attacker may gain root privileges.
III. Solutions
===============
A. Official Fix
IBM provides the following fixes:
APAR number for AIX 4.3.3: IY53508 (approx. 03/10/04)
APAR number for AIX 5.1.0: IY53673 (approx. 04/21/04)
APAR number for AIX 5.2.0: IY53519 (approx. 03/22/04)
NOTE: Affected customers are urged to upgrade to 4.3.3, 5.1.0 or 5.2.0 at
the latest maintenance level.
B. Emergency Fix
================
Efixes are available for AIX 4.3.3, 5.1.0 and 5.2.0. The efixes can be
downloaded via ftp from:
ftp://aix.software.ibm.com/aix/efixes/security/libfont_efix.tar.Z
libfont_efix.tar.Z is a compressed tarball containing this advisory, three
efix packages for 4.3.3, 5.1.0 and 5.2.0 and cleartext PGP signatures for
each efix package.
Verify you have retrieved the efixes intact:
- - --------------------------------------------
The checksums below were generated using the "sum" and "md5sum" commands
and are as follows:
| Updated: Thu Feb 19 14:24:49 CST 2004
| Modified efix package information. The efix packages were updated
| to address installation issues. If the previous efix packages
| were successfully installed, it is not necessary to install
| these updated packages.
Filename sum md5
======================================================================
|libfont43.021904.epkg.Z 16668 1692 582e749bb7cfb9c2fb1c578f941a6dda
|libfont51.021904.epkg.Z 51175 1799 5053c3f483f3cfd03cf0255b7f3cccca
|libfont52.021904.epkg.Z 41434 1760 40e92db7c9d206439b902dfda9b7be32
These sums should match exactly. The PGP signatures in the compressed
tarball and on this advisory can also be used to verify the integrity
of the various files they correspond to. If the sums or signatures cannot
be confirmed, double check the command results and the download site
address. If those are OK, contact IBM AIX Security at
security-alert@austin.ibm.com and describe the discrepancy.
IMPORTANT: If possible, it is recommended that a mksysb backup of the
system is created. Verify it is both bootable, and readable before
proceeding.
These efixes have not been fully regression tested; thus,
IBM does not warrant the fully correct functioning of the efix.
Customers install the efix and operate the modified version of AIX
at their own risk.
Efix Installation Instructions:
- - -------------------------------
These packages use the new Emergency Fix Management Solution to install
and manage efixes. More information can be found at:
http://techsupport.services.ibm.com/server/aix.efixmgmt
To preview an epkg efix installation execute the following command:
# emgr -e epkg_name -p # where epkg_name is the name of the
# efix package being previewed.
To install an epkg efix package execute the following command:
# emgr -e epkg_name -X # where epkg_name is the name of the
# efix package being installed.
The "X" flag will expand any filesystems if required.
IV. Obtaining Fixes
===================
AIX Version 4.3.3 and Version 5 APARs can be downloaded from
the eServer pSeries Fix Central web site:
http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
Security related Emergency Fixes can be downloaded from:
ftp://aix.software.ibm.com/aix/efixes/security
V. Contact Information
========================
If you would like to receive AIX Security Advisories via email, please visit:
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs
Comments regarding the content of this announcement can be directed to:
To request the PGP public key that can be used to communicate securely
with the AIX Security Team send email to security-alert@austin.ibm.com
with a subject of "get key". The key can also be downloaded from a
PGP Public Key Server. The key id is 0x3AE561C3.
Please contact your local IBM AIX support center for any assistance.
eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQFANTK8+0ah+jrlYcMRAq8iAKDQqc9aCVuFVwLzVBw9p2VbI9HAjgCgkSuY
yvWeQM0BSMAm8hxt+tCkED8=
=ZlvT
-----END PGP SIGNATURE-----
Supported products
<http://www.ibm.com/services/sl/products> Find end of support dates for AIX and software running on AIX
pSeries support
<http://www.ibm.com/servers/eserver/support/pseries> Visit pSeries Support for a wide array of technical resources.
Subscription options
<https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=2> Update your profile
<https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=3> Unsubscribe
More News
<http://isource.ibm.com/world/index.shtml> Sign up for customized weekly newsletter from IBM
_____
_____
IBM, eServer and pSeries are trademarks or registered trademarks of International Business Machines Corporation in the United States or other countries, or both.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:38 EDT