Copy Link
Add to Bookmark
Report
Modernz 60
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
/* *\
/ * * \
/ * * \
/ * * \
/ * System Vulnerabilities * \
| * * |
| * * |
| * * |
| * Another Modernz Presentation * |
| * * |
\ * by * /
\ * Multiphage * /
\ * * /
\ * (C)opyright July 5th, 1992 * /
\ * */
*********************************************************
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*******************************************************************************
The Modernz can be contacted at:
MATRIX BBS
WOK-NOW!
World of Kaos NOW!
World of Knowledge NOW!
St. Dismis Institute
- Sysops: Wintermute
Digital-demon
(908) 905-6691
(908) WOK-NOW!
(908) 458-xxxx
1200/2400/4800/9600
14400/19200/38400
Home of Modernz Text Philez
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
TANSTAAFL
Pheonix Modernz
The Church of Rodney
- Sysop: Tal Meta
(908) 830-TANJ
(908) 830-8265
Home of TANJ Text Philez
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
CyberChat
Sysop: Hegz
(908)506-6651
(908)506-7637
300/1200/2400/4800/9600
14400/19200/38400
Modernz Site
TLS HQ
<><><><><><><><><><><><><><<><<><><><><><><><><><><><><><><><><><><><><><><><><
The Global Intelligence Center
World UASI Headquarters!
Pennsylvania SANsite!
(412) 475-4969 300/1200/2400/9600
24 Hours! SysOp: The Road Warrior
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
The Lost Realm
Western PA UASI site!
Western PA. SANfranchise
(412) 588-5056 300/1200/2400
SysOp: Orion Buster
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
The Last Outpost
PowerBBS Support Board
UASI ALPHA Division
NorthWestern PA UASI site!
(412) 662-0769 300/1200/2400
24 hours! SysOp: The Almighty Kilroy
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Hellfire BBS
SANctuary World Headquarters!
New Jersey UASI site!
(908) 495-3926 300/1200/2400
24 hours! SysOp: Red
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
BlitzKreig BBS
Home of TAP
(502)499-8933
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
===========================================================================
AIX uucp Vulnerability
---------------------------------------------------------------------------
Information concerning a vulnerability with the UUCP software in
versions of AIX up to 2007. The vulnerability does not exist in
AIX 3.2.
IBM is aware of this problem, and a fix is available as apar number
"ix18516". This patch is available for all AIX releases from GOLD to
2006.
The fix is in the 2007 update and 3.2 release of AIX. IBM customers may
call IBM Support (800-237-5511) and ask that the fix be shipped to them.
Patches may be obtained outside the U.S. by contacting your local IBM
representative.
---------------------------------------------------------------------------
I. Description
Previous versions, except AIX 3.2, of the UUCP software contained
incorrectly configured versions of various files.
II. Impact
Local users can execute unauthorized commands and gain unauthorized
root access.
III. Solution
- If allowing users access to the uucp isn't necessary, disable it.
% chmod 0100 /usr/bin/uucp
- Obtain the fix from IBM Support.
- Install the fix following the instructions in the README file.
===========================================================================
AIX /bin/passwd Vulnerability
---------------------------------------------------------------------------
Information concerning a vulnerability with the passwd command in
AIX 3.2 and the 2007 update of AIX 3.1.
IBM is aware of this problem, and a fix is available as apar number
"ix23505". Patches are available for AIX 3.2 and the 2007 update of
AIX 3.1.
This fix may be ordered from Level 2 support or by anonymous ftp from
software.watson.ibm.com (129.34.139.5) on the Internet.
1. To order from IBM call 1-800-237-5511 and ask
that the fix be shipped. Patches may be obtained
outside the U.S. by contacting your local IBM
representative.
2. If you are on the Internet, use anonymous ftp to obtain
the fix from software.watson.ibm.com.
Patch Filename Checksum
AIX 3.2 pub/aix3/pas.32.tar.Z 54431 2262
AIX 3.1 2007 pub/aix3/pas.31.tar.Z 06703 99
Patches should be retrieved using binary mode.
IBM is currently incorporating the fix into the 3.2 version and 3.1
updates of AIX. Future shipments of these products should not be
vulnerable to this problem. If you have any questions about products
you receive, please contact your IBM representative.
---------------------------------------------------------------------------
I. Description
The passwd command contains a security vulnerability.
II. Impact
Local users can gain unauthorized root access.
III. Solution
A. As root, disable /bin/passwd until you obtain and install
the patch.
# chmod 0500 /bin/passwd
B. Obtain the fix from IBM and install according to the
directions provided with the patch.
