=====================================================================
                            CERT-Renater

               Information Note No. 2003/VULN355
_____________________________________________________________________

DATE                 : 25/11/2003

HARDWARE PLATFORM(S) : IBM.

OPERATING SYSTEM(S)  : AIX 4.3.3, 5.1 and 5.2.

======================================================================

IBM SECURITY ADVISORY

First Issued: Fri Nov 14 16:17:32 CST 2003

===========================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:      Buffer overflow in rcp command.

PLATFORMS:          AIX 4.3.3, 5.1 and 5.2.

SOLUTION:           Apply the APARs as described below.

THREAT:             A local attacker can exploit this buffer overflow
                    to gain root privileges.

CERT VU Number:     n/a
CVE Number:         CAN-2003-0954
===========================================================================
                           DETAILED INFORMATION

I.  Description
===============

The rcp command is used to copy files between a local and remote host,
between two remote hosts or from one file on a remote host to another
file on that same remote host. A buffer overflow condition has been
found that may allow a local attacker to gain root privileges.

This issue was discovered internally. At this time there are no known
exploits.

II.  Impact
===========

A local attacker may gain root privileges. This vulnerability is not
remotely exploitable.

III.  Solutions
===============

A. Official Fix

IBM provides the following fixes:

      APAR number for AIX 4.3.3: IY48272 (available)
      APAR number for AIX 5.1.0: IY48747 (available)
      APAR number for AIX 5.2.0: IY49238 (available)

NOTE: Affected customers are urged to upgrade to 4.3.3, 5.1.0 or 5.2.0
at the latest maintenance level.

IV.  Obtaining Fixes
====================

AIX Version 4.3.3 and Version 5 APARs can be downloaded from the eServer
pSeries Support web site:

     https://techsupport.services.ibm.com/server/aix.fdc

V.  Contact Information
=======================

If you would like to receive AIX Security Advisories via email, please
visit:

     https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs

Comments regarding the content of this announcement can be directed to:

     security-alert@austin.ibm.com

To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to security-alert@austin.ibm.com
with a subject of "get key".

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital   |    fax : 01-53-94-20-41       +
+ 75013 Paris           |   email: certsvp@renater.fr   +
=========================================================
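
One way to check a host against the APAR table in section III.A, given here as an added example that is not part of the IBM or CERT-Renater advisory. It assumes the AIX `oslevel` and `instfix` commands are available; the function names and the FIXED/MISSING/UNLISTED status words are illustrative.

```shell
#!/bin/sh
# Added example: report whether the rcp fix for CAN-2003-0954 is installed.
# Assumptions: `oslevel` prints a V.R.M.F string (e.g. 5.2.0.0) and
# `instfix -ik APAR` exits 0 only when all filesets of that APAR are present.

# Map an AIX level string to the APAR listed in the advisory.
apar_for_level() {
    case "$1" in
        4.3.3*) echo IY48272 ;;
        5.1.*)  echo IY48747 ;;
        5.2.*)  echo IY49238 ;;
        *)      return 1 ;;   # level not covered by this advisory
    esac
}

# Print "FIXED <apar>", "MISSING <apar>" or "UNLISTED <level>".
# $1 = level string, $2 = APAR query command (defaults to instfix;
#      overridable so the logic can be exercised off-host).
rcp_fix_status() {
    level=$1
    query=${2:-instfix}
    if ! apar=$(apar_for_level "$level"); then
        echo "UNLISTED $level"
        return 2
    fi
    if "$query" -ik "$apar" >/dev/null 2>&1; then
        echo "FIXED $apar"
    else
        echo "MISSING $apar"
        return 1
    fi
}

# Run the check only where the AIX tools exist.
if command -v oslevel >/dev/null 2>&1 && command -v instfix >/dev/null 2>&1; then
    rcp_fix_status "$(oslevel)" || true
else
    echo "oslevel/instfix not found: not an AIX host, nothing checked"
fi
```

A MISSING result means the listed APAR still has to be applied; UNLISTED means the level is outside the three releases the advisory names.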