Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: (forw) rsh bufferoverflow on AIX 4.2
From: Troy Bollinger <troy () austin ibm com>
Date: Tue, 12 Jun 2001 12:02:50 -0500

Quoting ymc () iss com tw:
From: "ox" <ymc () iss com tw>
To: <bugtraq () securityfocus com>
Subject: rsh bufferoverflow on AIX 4.2 
Date: Tue, 12 Jun 2001 11:40:20 +0800
Message-ID: <NFBBLJDKGKGPELLLMCNEOELICAAA.ymc () iss com tw>
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

Hello bugtraq, 

I am sorry if the problem had been found before, that is
bufferoverflow what I found  both /usr/bin/rsh and
/usr/lpp/ssp/rcmd/bin/rsh. 


Hi,
Based on the gdb session you've gave, it appears that this is the same
vulnerability as reported to bugtraq back in 1996.  It can be fixed by
applying one of the following APARs:

   Abstract:  buffer overflow in gethostbyname()
   3.2 APAR:  IX60927
   4.1 APAR:  IX61019
   4.2 APAR:  IX62144

If you have further questions regarding this vulnerability or other AIX
security issues, you can reach the AIX security team at:

   mailto:security-alert () austin ibm com

-- 
Troy Bollinger <troy () austin ibm com>
Network Security Analyst
PGP keyid: 1024/0xB7783129
Troy's opinions are not IBM policy


  By Date           By Thread  

Current thread:
  • Re: (forw) rsh bufferoverflow on AIX 4.2 Troy Bollinger (Jun 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]