Title: IBM AIX bsh Vulnerability
Released by: CERT
Date: 3rd June 1994
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1





=============================================================================
CERT(*) Advisory CA-94:10
Original issue date: June 3, 1994
Last revised: September 23, 1997
                Updated copyright statement

Topic:  IBM AIX bsh Vulnerability
- -----------------------------------------------------------------------------

The CERT Coordination Center has learned of a vulnerability in the
batch queue (bsh) of IBM AIX systems running versions prior to and
including AIX 3.2.

CERT recommends disabling the batch queue by following the workaround
instructions in Section III below.  Section III also includes
information on how to obtain fixes from IBM if the bsh queue
functionality is required by remote systems.

We will update this advisory as we receive additional information.
Please check advisory files regularly for updates that relate to your site.



- -----------------------------------------------------------------------------



I.   Description

     The queueing system on IBM AIX includes a batch queue, "bsh",
     which is turned on by default in /etc/qconfig on all versions of
     AIX 3 and earlier.

II.  Impact

     If network printing is enabled, remote and local users can gain
     access to a privileged account.



III. Solution

     In the next release of AIX, the bsh queue will be turned off by
     default.  CERT/CC recommends that the bsh queue be turned off using
     the workaround described in Section A below unless there is an
     explicit need to support this functionality for remote hosts.  If
     this functionality must be supported, IBM provides fixes as
     outlined in Sections B and C below.  For questions concerning
     these workarounds or fixes, please contact IBM at the number
     provided below.



     A. Workaround

        Disable the bsh queue by following one of the two procedures
        outlined below:

        1. As root, from the command line, enter:
           # chque -qbsh -a"up = FALSE"

        2. From SMIT, enter:
           - Spooler
           - Manage Local Printer Subsystem
           - Change/Show Characteristics of a Queue
              select bsh
           - Activate the Queue
              select no
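
The following check is an added example, not part of the CERT advisory or of IBM's tooling: it reads a qconfig-format file and reports whether the bsh queue is still enabled after the workaround. It assumes AIX stanza syntax ("name:" headers, "attr = value" lines, "*" comments) and that a queue with no "up" attribute is enabled; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: report the state of the bsh queue
# in a qconfig-format file. Assumptions: AIX stanza syntax ("name:" header at
# column 0, "attr = value" lines, "*" starts a comment), and a queue with no
# "up" attribute counts as enabled.

# bsh_queue_state FILE -> prints "absent", "enabled" or "disabled"
bsh_queue_state() {
    awk '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[^ \t][^:]*:[ \t]*$/ {                    # stanza header
            name = $0
            sub(/:[ \t]*$/, "", name)
            in_bsh = (name == "bsh")                # "bshdev:" must not match
            if (in_bsh) { found = 1; up = "TRUE" }  # default when "up" is unset
            next
        }
        in_bsh {
            line = $0
            gsub(/[ \t]/, "", line)                 # "up = FALSE" -> "up=FALSE"
            split(line, kv, "=")
            if (kv[1] == "up") up = toupper(kv[2])
        }
        END {
            if (!found) print "absent"
            else if (up == "FALSE") print "disabled"
            else print "enabled"
        }
    ' "$1"
}

# Constructed sample input (not copied from a real host): a bsh stanza with no
# "up" line, the same stanza after the workaround, and a file without bsh.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'bsh:\n\tdevice = bshdev\n\tdiscipline = fcfs\nbshdev:\n\tbackend = /usr/bin/bsh\n' > "$demo_dir/default"
printf '* constructed\nbsh:\n\tdevice = bshdev\n\tup = FALSE\nbshdev:\n\tbackend = /usr/bin/bsh\n' > "$demo_dir/fixed"
printf 'lp0:\n\tdevice = lp0dev\n\tup = FALSE\n' > "$demo_dir/nobsh"

for f in default fixed nobsh; do
    echo "$f: $(bsh_queue_state "$demo_dir/$f")"
done
```

On an AIX host the file to pass to the function is /etc/qconfig, the file the advisory names.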



     B. Emergency fix

        Obtain and install the emergency fix for the version(s) of AIX
        used at your site.  Fixes for the various levels of AIX are
        available by anonymous FTP from software.watson.ibm.com.  The
        files are located in /pub/aix/bshfix.tar.Z in compressed tar
        format.  Installation instructions are included in the README
        file included as part of the tar file.

        The directory /pub/aix contains the latest available emergency
        fix for APAR IX44381.  As updates become available, any new
        versions will be placed in this directory with the name
        bshfix<#>.tar.Z with <#> being incremented for each update.
        See the README.FIRST file in that directory for details.

        IBM may remove this emergency fix file without prior notice if
        flaws are reported.  Due to the changing nature of these
        files, no checksum information is available.



     C. Official fix

        The official fix for this problem can be ordered as APAR
        IX44381.

        To order APARs from IBM in the U.S., call 1-800-237-5511 and
        ask that it be shipped to you as soon as it is available.  To
        obtain APARs outside of the U.S., contact your local IBM
        representative.



- ---------------------------------------------------------------------------

The CERT Coordination Center wishes to thank Gordon C. Galligher of
Information Resources, Inc. for reporting this problem and IBM
Corporation for their support in responding to this problem.

- ---------------------------------------------------------------------------



If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).

If you wish to send sensitive incident or vulnerability information to
CERT via electronic mail, CERT strongly advises that the e-mail be
encrypted.  CERT can support a shared DES key, PGP (public key
available via anonymous FTP on info.cert.org), or PEM (contact CERT
for details).

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
USA

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP from
info.cert.org.



- ------------------------------------------------------------------------------



Copyright 1994, 1996 Carnegie Mellon University.
Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Revision history

Sep. 23, 1997   Updated copyright statement
Aug. 30, 1996   Removed references to README files because advisories
                themselves are now updated.





-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA/AwUBOBTAG1r9kb5qlZHQEQLFZgCdF66t5CgPlWaKWd0PPtnGEep0A5wAn2Mo

rRG38QjgKC5jlqG3I0ROnH9v

=q2cn

-----END PGP SIGNATURE-----







