Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Security_APARs (fwd)
From: <uid0 () catastrophe net>
Date: Tue, 26 Jun 2001 11:44:45 -0500 (CDT)


This is from IBM. I don't know why they do not post to BUGTRAQ directly.


---------- Forwarded message ----------
Date: Fri, 22 Jun 2001 21:36:28 -0500
From: AIX Service Mail Server <aixserv () austin ibm com>
Subject: Re: Security_APARs

This is a list of security related APARs for current releases of AIX.
To facilitate ease of ordering all security related APARs for each
release can be ordered using the following packaging APARs.

  AIX 4.3:   IY19897    (updated 6/2001)

APARs can be ordered using FixDist.  For additional information on FixDist
send e-mail with a subject of "FixDist" to aixserv () austin ibm com, or
refer to the following URL:

  http://techsupport.services.ibm.com/rs6k/fixes.html
===========================================================================
AIX 4.3 APARs

IX72045  CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED
IX72553  SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
IX73077  SECURITY: FTP BOUNCE VULNERABILITY
IX73214  SECURITY: TELNET DENIAL OF SERVICE ATTACK
IX73438  SECURITY: VULNERABILITY IN DTAPPGATHER
IX73586  SECURITY HOLE IN FTP, TFTP, UTFTP
IX73836  /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN
IX73951  SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
IX73961  PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY
IX74296  PROGRAMS USING LEX GENERATED SOURCE COREDUMP
IX74599  SECURITY: VULNERABILITY IN DIGEST
IX74793  SECURITY HOLE IN TN3270
IX74802  CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K
IX75275  SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
IX75554  SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
IX75564  ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
IX75566  SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS
IX75761  BAD FILE HANDLE CAN CRASH LOCK DAEMON
IX75840  SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
IX75864  SECURITY:  /BIN/MAN CREATES INSECURE TEMPORARY FILES
IX76015  NFS V2 DOES HANDLE 65535 AS A UID
IX76039  SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY
IX76040  SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
IX76049  SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
IX76960  BIND: CERT ADVISORY CA-98.05
IX76962  BIND: CERT ADVISORY CA-98.05
IX77338  SECURITY: SORT CREATES INSECURE TEMPORARY FILES
IX77508  CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
IX77592  SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES
IX78071  IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
IX78202  SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
IX78248  SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX78349  SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
IX78564  SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
IX78612  SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
IX78646  SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES
IX78719  NFS V2 DOES NOT HANDLE 65535 AS A UID
IX78732  SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
IX79136  SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
IX79139  SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES
IX79679  "RCP SECURITY PROBLEM"
IX79681  SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
IX79682  SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
IX79683  SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
IX79700  SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
IX79701  SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
IX79857  SECURITY HOLE
IX79909  NSLOOKUP CORE DUMPS WITH LONG STRINGS
IX79979  SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX80036  SECURITY: CRON CREATES INSECURE LOCK FILE
IX80387  SECURITY: INSECURE CREATION OF LPD LOCK FILE
IX80391  SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS
IX80447  SECURITY: BUFFER OVERFLOWS IN IMAPD
IX80470  SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS
IX80510  SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
IX80543  SECURITY:LIBNSL BUFFER OVERRUNS
IX80548  SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS
IX80549  SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
IX80762  SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
IX80792  SECURITY: BUFFER OVERFLOWS IN IMAPD
IX81058  SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
IX81077  SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES
IX81078  SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
IX81442  SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
IX81507  SECURITY: MORE VULNERABILITIES IN PCNFSD
IX81999  POST COMMAND SHOULD NOT BE SUID
IX82002  FORCE REXECD USER PRIVILEDGES
IX83752  SECURITY: VULNERABILITY IN AUTOFS
IX84493  SECURITY: VULNERABILITY IN SETGID EXECUTABLES
IX84642  SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
IX85233  SECURITY : MAILBOX GETS CORRUPTED
IX85556  SECURITY: BUFFER OVERFLOW IN FTP CLIENT
IX85600  BOOTP: CERT ADVISORY
IX86845  SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
IX87016  REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME
IX87669  NULL MBUF CAN CRASH SYSTEM IN NFS CODE
IX87727  STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
IX88021  ADD FINGER TIMEOUT
IX88263  SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION
IX88633  SECURITY: INSECURE TEMPORARY FILES IN /SBIN/RC.BOOT
IX89182  LICENSE SERVER HANGS
IX89415  SECURITY: XAUTH IS BROKEN IN 4.3.X
IX89419  SECURITY: BUFFER OVERFLOW IN DTSPCD
IX89687  SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
IY00892  INSECURE TEMPORARY FILES IN BOS.PERF PACKAGING SCRIPT
IY01439  SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL
IY02120  SECURITY: BUFFER OVERFLOW IN NSLOOKUP
IY02397  SECURITY: NON-ROOT USERS CAN USE PTRACE TO CRASH THE SYSTEM
IY02944  SECURITY: BUFFER OVERFLOW IN "DTACTION -U"
IY03849  SECURITY: VULNERABILITY IN TTSESSION
IY04477  SECURITY BUFFER OVERFLOWS IN FTPD
IY04865  SECURITY: NON-ROOT USERS CHANGE SYS INFO VIA SNMPD
IY05249  SECURITY: BUFFER OVERFLOWS IN SNMPD
IY05772  SECURITY: POSSIBLE BUFFER OVERFLOW IN AIXTERM TITLE HANDLING
IY05851  NAMED8: SECURITY VULNERABILITIES IN BIND
IY06059  GENFILT CANNOT FILTER PORT NUMBERS > 32767
IY06367  SECURITY: VULNERABILITY IN DTPRINTINFO
IY06589  BUG IN GET_SEQNUM
IY06694  SECURITY: ANOTHER BUFFER OVERFLOW IN DTSPCD
IY06697  SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY AGAIN
IY06814  CRASH IN FLTR_IN_CHK() M_COPYDATA()
IY06817  XDM HAS TROUBLE WITH LONG PASSWORDS
IY07265  CHSEC ALLOWS NON-ADMIN USR TO CHANGE ADMIN USER ATTRIBUTES
IY07425  IN CERTAIN CASES, LIBQB ROUTINE CAN CAUSE CORE DUMP
IY07831  SECURITY: BUFFER OVERFLOW IN SETCLOCK
IY07832  SECURITY: ANOTHER BUFFER OVERFLOW IN PORTMIR
IY08128  SECURITY: VULNERABILITY IN MKATMPVC
IY08143  SECURITY: BUFFER OVERFLOWS IN ENQ COMMAND
IY08606  SECURITY: BUFFER OVERFLOW IN _XAIXREADRDB
IY08812  SECURITY: BUFFER OVERFLOW IN SETSENV
IY09514  SECURITY: VULNERABILITY IN FRCACTRL
IY09941  SECURITY: LOCAL USERS CAN GAIN WRITE ACCESS TO SOME FILES
IY10250  DHCPSD: SECURITY: D-O-S ATTACK VULNERABILITY
IY10805  MKATM IS A SHELL SCRIPT AND SHOULDN'T BE SETUID
IY11067  X SERVER FREEZES DUE TO DOS
IY11224  SECURITY: BUFFER OVERFLOW IN XTERM
IY11233  SECURITY: NCS CMDS LINKED WITH INSECURE LINKER ARGUMENT
IY11450  SECURITY: BUFFER OVERRUN IN MIT KERBEROS LIBRARIES
IY12147  NON-ROOT USERS CAN ISSUE THE NETSTAT -Z FLAG
IY12251  SECURITY: POSSIBLE VULNERABILITIES IN ERRPT
IY12638  SECURITY: BUFFER OVERFLOW IN PRINT CMDS
IY13753  SECURITY: FORMAT STRING VULNERABILITY IN LOCALE SUBSYSTEM
IY13780  SECURITY: BUFFER OVERFLOW  IN LIBNTP
IY13781  SECURITY: FORMAT STRING VULNERABILITY IN FTP CLIENT
IY13783  FORMAT STRING VULNERABILITIES IN GETTY'S ERROR LOGGING FUNCS
IY14512  DNS CERT ADVISORY FOR SRV & ZXFR BUGS
IY14537  BUFFER OVERFLOW IN BELLMAIL
IY15146  SYSLOGD:BUFFER OVERFLOW AND IMPROPER CONTROL CHARACTER ESCAPES
IY16182  SECURITY: BUFFER OVERFLOW IN BIND8
IY16214  BUFFER OVERFLOW AND FORMAT STRING VULNERABILITIES IN BIND 4.X
IY16271  SECURITY: INFOLEAK IN NUMEROUS VERSIONS OF NAMED4 AND NAMED8
IY17048  SECURITY: POSSIBLE BUFFER OVERFLOW VULNERABILITY IN CRONTAB
IY17932  SECURITY: IMAPD BUFFER OVERFLOW
===========================================================================


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault