
Title: AIX TFTP Daemon Vulnerability
Released by: CERT
Date: 17th October 1991

Last Revised:  September 18, 1997
                Attached copyright statement

                                CERT Advisory
                              October 17, 1991
                        AIX TFTP Daemon Vulnerability

---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability in the TFTP daemon in
all versions of AIX for IBM RS/6000 machines.

IBM is aware of this problem and a fix is available as apar number "ix22628".
This patch is available for all AIX releases from "GOLD" to the current

a security hole in the original patch.  The SCCS id of the correct patch
is tftpd.c (*not* or earlier versions).  This can be
checked using the following "what" command.

    % what /etc/tftpd

       56  tftpd.c, tcpip, tcpip312 10/10/91 09:01:48
       tftpsubs.c      1.2  com/sockcmd/tftpd,3.1.2,9048312 10/8/89 17:40:55

IBM customers may call IBM Support (800-237-5511) and ask that the fix
be shipped to them.  The fix will appear in the upcoming 2009 update
and the next release of AIX.

---------------------------------------------------------------------------

I.   Description

     Previous versions of tftpd did not provide a method for restricting
     TFTP access.

II.  Impact

     If TFTP is enabled at your site, anyone on the Internet can retrieve
     copies of your site's world-readable files, such as /etc/passwd.

III. Solution

     A. Sites that do not need to allow tftp access should disable it.
        This can be done by editing /etc/inetd.conf and deleting or
        commenting out the tftpd line:

        #tftp     dgram     udp    wait    nobody  /etc/tftpd     tftpd -n

        and then, as root, restarting inetd with the "refresh" command.

            # refresh -s inetd

        For more details on starting/stopping tftp, refer to documentation
        for the System Resource Controller (SRC) or the System Management
        Interface Tool (SMIT).

     B. Sites that must run tftpd (for example, to support X terminals)
        should obtain and install the above patch AND create a
        /etc/tftpaccess.ctl file to restrict the files that are accessible.
        The /etc/tftpaccess.ctl file should be writable only by root.
        Although the new /etc/tftpaccess.ctl mechanism provides a very general
        capability, the CERT/CC strongly recommends that sites keep this
        control file simple.  For example, the following tftpaccess.ctl file
        is all that is necessary to support IBM X terminals:

        # /etc/tftpaccess.ctl
        # By default, all files are restricted if /etc/tftpaccess.ctl exists.
        # Allow access to X terminal files.

        NOTE: Be CERTAIN to create the /etc/tftpaccess.ctl file.
        If it does not exist then all world-readable files are accessible
        as in the current version of tftpd.

        Installation Instructions:

        1.  Create an appropriate /etc/tftpaccess.ctl file.

        2.  From the directory containing the new tftpd module, issue
            the following commands as root.

            # chmod 644 /etc/tftpaccess.ctl
            # chown root.system /etc/tftpaccess.ctl
            # mv /etc/tftpd /etc/tftpd.old
            # cp tftpd /etc
            # chmod 755 /etc/tftpd
            # chown root.system /etc/tftpd
            # refresh -s inetd
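
An added example, not part of the CERT advisory: a POSIX shell audit of the two conditions in section III, namely whether inetd.conf still carries an active tftp line and, if it does, whether the access control file exists and is writable only by its owner. The function names, verdict strings and the owner-uid parameter are assumptions made for this example, and the sample inetd.conf is constructed.

```shell
#!/bin/sh
# Added example: audit a host (or copies of its files) against III.A and III.B.

# Succeeds if the inetd.conf given as $1 has an active (uncommented) tftp line.
tftp_enabled() {
    awk '$1 == "tftp" { found = 1 } END { exit !found }' "$1"
}

# Prints missing | unsafe | ok for the control file given as $1.
# $2 = uid that must own it (assumption: 0, i.e. root, on a real host).
ctl_status() {
    [ -f "$1" ] || { echo missing; return; }
    ls -ln "$1" | awk -v uid="${2:-0}" '{
        gw = substr($1, 6, 1); ow = substr($1, 9, 1)   # group/other write bits
        print (($3 == uid && gw != "w" && ow != "w") ? "ok" : "unsafe")
    }'
}

# Prints one verdict: $1 = inetd.conf, $2 = control file, $3 = owner uid.
audit_tftp() {
    if ! tftp_enabled "$1"; then echo "tftp disabled"; return; fi
    case "$(ctl_status "$2" "${3:-0}")" in
        missing) echo "EXPOSED: tftp enabled, no control file" ;;
        unsafe)  echo "WEAK: control file not root-only writable" ;;
        ok)      echo "restricted by control file" ;;
    esac
}

# Constructed sample input (not from a real system): tftp left enabled and
# no control file created, the case the NOTE in III.B warns about.
demo=$(mktemp -d)
printf '%s\n' 'ftp   stream tcp nowait root   /etc/ftpd  ftpd' \
    'tftp  dgram  udp wait   nobody /etc/tftpd tftpd -n' > "$demo/inetd.conf"
audit_tftp "$demo/inetd.conf" "$demo/tftpaccess.ctl" "$(id -u)"
```

On a real host the call would be `audit_tftp /etc/inetd.conf /etc/tftpaccess.ctl`, which defaults the expected owner to uid 0.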

---------------------------------------------------------------------------

The CERT/CC wishes to thank Karl Swartz of the Stanford Linear Accelerator
Center for bringing this vulnerability to our attention.

---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST/EDT,
           on call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.org ( system.

----------------------------------------------------------------------------

Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

Revision History

September 18, 1997  Attached Copyright Statement

