RE: Cluster 02: VEN-AIX



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes,
I know I am behind but humor me, it's been a rough couple of weeks!!!
- -mike

- -----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Thursday, June 17, 1999 2:06 PM
To: cve-review@linus.mitre.org
Subject: Cluster 02: VEN-AIX



This cluster has 10 vulnerabilities.


- ------------------------------------------
Candidate: CAN-1999-0072
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:004.1

Buffer overflow in AIX xdat gives root access to local users.

Accept


- ------------------------------------------
Candidate: CAN-1999-0086
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1998:001.1

AIX routed allows remote users to modify sensitive files.

Modify:  This vulnerability allows debug mode to be turned on, which is
the problem.  Should this be more specific in the description? This
one also affects SGI OSes, ref SGI Security Advisory 19981004-PX which
is in the SGI cluster; shouldn't these be cross-referenced, as the same
vuln affects multiple OSes?

- ------------------------------------------
Candidate: CAN-1999-0088
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1998:004.1

IRIX and AIX automountd services (autofsd) allow remote users to
execute root commands.
Modify:  Include the SGI Alert as well since it is mentioned in the
description.
SGI Security Advisory 19981005-01-PX

- ------------------------------------------
Candidate: CAN-1999-0089
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX libDtSvc library can allow local users
to gain root access.

Modify: The overflow is in the dtaction utility.  Also affects
dtaction in the CDE on versions of SunOS (SUN 164). Probably should be
specific.
- ------------------------------------------
Candidate: CAN-1999-0090
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX rcp command allows local users to obtain
root access.

Accept
- ------------------------------------------
Candidate: CAN-1999-0091
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX writesrv command allows local users to obtain
root access.

Accept
- ------------------------------------------
Candidate: CAN-1999-0093
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:008.1

AIX nslookup command allows local users to obtain root access by not
dropping privileges correctly.

accept
- ------------------------------------------
Candidate: CAN-1999-0094
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:007.1

AIX piodmgrsu command allows local users to gain additional
group privileges.

Accept
- ------------------------------------------
Candidate: CAN-1999-0097
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:009.1

The AIX FTP client can be forced to execute commands from a malicious
server through shell metacharacters, i.e. in files whose name begins
with a pipe character.

Modify:  Concur with Adam's modification


- ------------------------------------------
Candidate: CAN-1999-0100
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:002.1

Remote access in AIX innd 1.5.1, using control messages.

accept

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBN3p2yBIUaHPadf5hEQJp1QCePG0LtqQfTfKyr/0c8Jj9zkmKw+UAmQFD
4ivqnyIWOXg92l18+TvytgoU
=4OSd
-----END PGP SIGNATURE-----

 
Page Last Updated: May 22, 2007