Copy Link
Add to Bookmark
Report
Modernz 63
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
/* *\
/ * * \
/ * * \
/ * * \
/ * System Vulnerabilities * \
| * * |
| * * |
| * * |
| * Another Modernz Presentation * |
| * * |
\ * by * /
\ * Multiphage * /
\ * * /
\ * (C)opyright August 14th, 1992 * /
\ * */
*********************************************************
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*******************************************************************************
The Modernz can be contacted at:
MATRIX BBS
WOK-NOW!
World of Kaos NOW!
World of Knowledge NOW!
St. Dismis Institute
- Sysops: Wintermute
Digital-demon
(908) 905-6691
(908) WOK-NOW!
(908) 458-xxxx
1200/2400/4800/9600
14400/19200/38400
Home of Modernz Text Philez
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
TANSTAAFL
Pheonix Modernz
The Church of Rodney
- Sysop: Tal Meta
(908) 830-TANJ
(908) 830-8265
Home of TANJ Text Philez
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
CyberChat
Sysop: Hegz
(908)506-6651
(908)506-7637
300/1200/2400/4800/9600
14400/19200/38400
Modernz Site
TLS HQ
<><><><><><><><><><><><><><<><<><><><><><><><><><><><><><><><><><><><><><><><><
The Global Intelligence Center
World UASI Headquarters!
Pennsylvania SANsite!
(412) 475-4969 300/1200/2400/9600
24 Hours! SysOp: The Road Warrior
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
The Lost Realm
Western PA UASI site!
Western PA. SANfranchise
(412) 588-5056 300/1200/2400
SysOp: Orion Buster
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
The Last Outpost
PowerBBS Support Board
UASI ALPHA Division
NorthWestern PA UASI site!
(412) 662-0769 300/1200/2400
24 hours! SysOp: The Almighty Kilroy
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Hellfire BBS
SANctuary World Headquarters!
New Jersey UASI site!
(908) 495-3926 300/1200/2400
24 hours! SysOp: Red
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
BlitzKreig BBS
Home of TAP
(502)499-8933
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
===========================================================================
Silicon Graphics Computer Systems "IRIX" lp Vulnerability
---------------------------------------------------------------------------
Information concerning a method of unauthorized root access in the
lp software in Silicon Graphics Computer Systems (SGI) IRIX
operating systems. This vulnerability is present in all current
versions of IRIX.
Silicon Graphics Computer Systems and the CERT/CC strongly recommend
that sites take immediate action to eliminate this vulnerability from
their systems.
This vulnerability will be fixed in IRIX 4.0.5 and is NOT present in any
version of the Trusted IRIX/B product.
---------------------------------------------------------------------------
I. Description
When IRIX pre-4.0.5 systems are installed or updated using either
the basic system software ("eoe1.sw.unix") or the system manager
software ("eoe2.sw.vadmin") media, a vulnerability is introduced
in the lp software.
II. Impact
Any user logged into the system can gain root access.
III. Solution
As root, execute the following commands:
# cd /usr/lib
# chmod a-s,go-w lpshut lpmove accept reject lpadmin
# chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks
# cd /usr/bin
# chmod a-s,go-w disable enable
# chmod go-ws cancel lp lpstat
If the eoe2.sw.vadmin software is not installed, you may
ignore any warning messages from chmod such as:
"chmod: WARNING: can't access vadmin/serial_ports"
If system software should ever be reinstalled from pre-4.0.5
media or restored from a backup tape created before the patch was
applied, repeat the above procedure before enabling logins by
normal users.
---------------------------------------------------------------------------
===========================================================================
AIX Anonymous FTP Vulnerability
---------------------------------------------------------------------------
Information concerning a vulnerability in the anonymous FTP
configuration in all versions of AIX.
IBM is aware of this problem and a fix is available as apar number
"ix23944". This patch is available for all AIX releases from "GOLD".
IBM customers may call IBM Support (800-237-5511) and ask that the fix
be shipped to them. Patches may be obtained outside the U.S. by contacting
your local IBM representative. The fix will appear in the upcoming 2009
update and the next release of AIX.
---------------------------------------------------------------------------
I. Description
Previous versions of the anonymous FTP installation script,
/usr/lpp/tcpip/samples/anon.ftp, incorrectly configured various files
and directories.
II. Impact
Remote users can execute unauthorized commands and gain access to the
system if anonymous FTP has been installed.
III. Solution
A. Obtain the fix from IBM Support. The fix contains three
files: a "readme" file (README.a23944), the fix installation
script (install.a23944), and an archive containing the updated
files (PATCH.a23944.Z).
B. Install the fix following the instructions in the README file.
