mailing list archives
Re: Breaking Finger in AIX 4.2
From: troy () AUSTIN IBM COM (Troy A. Bollinger)
Date: Tue, 20 Oct 1998 18:38:06 -0500
Quoting aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (axon2017
() STUDENTS JOHNCO CC KS US):
I just found this out yesterday, and I don't think it's been in the
postings before, but on AIX (I tested this on 4.2) if one's gecos field
is set to more than 99 characters, Finger starts acting really strange.
This is fixed with the following APARs:
Abstract: "HOT: CERT: possible buffer overflow in finger daemon"
4.1.x APAR: IX67317
4.2.x APAR: IX67318
4.3.x APAR: not vulnerable
IBM AIX APARs may be ordered using Electronic Fix Distribution (via the
FixDist program), or from the IBM Support Center. For more information
on FixDist, and to obtain fixes via the Internet, please reference
or send email to "aixserv () austin ibm com" with the word "FixDist" in the
To facilitate ease of ordering all security related APARs for each AIX
release, security fixes are periodically bundled into a cumulative APAR.
For more information on these cumulative APARs including last update and
list of individual fixes, send email to "aixserv () austin ibm com" with
the word "subscribe Security_APARs" in the "Subject:" line.
.-= axon2017 () students jccc net =-.
Troy Bollinger troy () austin ibm com
AIX Security Development security-alert () austin ibm com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
- Last (hopefully) update on GroupWise, (continued)