=====================================================================
                            CERT-Renater

                 Information Note No. 2004/VULN279
_____________________________________________________________________

DATE                  : 10/06/2004

HARDWARE PLATFORM(S)  : IBM.

OPERATING SYSTEM(S)   : AIX.

======================================================================

IBM SECURITY ADVISORY

First Issued: Thu Apr 22 15:17:51 CDT 2004
| Updated: Mon Jun 7 17:18:58 CDT 2004
| Updated APAR availability.

===========================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:      Potential vulnerability in Network Table and Switch
                    Table manipulation code that allows execution of
                    arbitrary commands or code.

PLATFORMS:          Parallel Environment 3.2 and 4.1

SOLUTION:           Apply the APARs as described below.

THREAT:             A local attacker may execute arbitrary commands with
                    root privileges.

CERT VU Number:     N/A
CVE Number:         N/A
===========================================================================
                           DETAILED INFORMATION

I.  Description
===============

A potential vulnerability was discovered in sample code that demonstrates
how to use the Switch Table APIs provided with Parallel Environment 3.2
and 4.1. Sample code that demonstrates how to use the Network Table APIs
on PE 4.1 is also vulnerable. This vulnerability will allow a local
attacker to execute arbitrary commands with root privileges.

This issue was discovered internally; at this time, based on current
information, there are no known exploits in the wild.

II. Impact
==========

A local attacker may execute arbitrary commands with root privileges.

III.  Solutions
===============

A. Official Fix

IBM provides the following fixes:

| Updated: Mon Jun 7 17:18:58 CDT 2004
| Updated APAR availability.
|
      APAR number for PE 3.2: IY56382 (available)
      APAR number for PE 4.1: IY56383 (available)

NOTE: Affected customers are urged to upgrade to 3.2 or 4.1 at the latest
maintenance level.

In addition to applying the APARs, system administrators should ensure that
there are no executables on the system that were compiled from
/usr/lpp/ppe.poe/samples/swtbl/swtbl_api.c or
/usr/lpp/ppe.poe/samples/ntbl/ntbl_api.c. If these files were compiled using
the makefiles provided, they would have been named swtbl_api and ntbl_api
respectively. If it is not possible to remove these commands, remove the
setuid and setgid bits to prevent an unprivileged user from executing the
commands with the privileges of the user or group that owns the executable.

IV. Obtaining Fixes
===================

PE APARs can be downloaded from the eServer pSeries Fix Central web site:

     http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp

V.  Contact Information
========================

If you would like to receive AIX Security Advisories via email, please visit:

     https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs

Comments regarding the content of this announcement can be directed to:

     security-alert@austin.ibm.com

To request the PGP public key that can be used to communicate securely
with the AIX Security Team, send email to security-alert@austin.ibm.com
with a subject of "get key". The key can also be downloaded from a PGP
Public Key Server. The key id is 0x3AE561C3.

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
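
The check described in section III (find binaries built from the sample code under their default names and remove their setuid and setgid bits), as an added example that is not part of the IBM advisory. The function names and the scratch fixture tree are hypothetical; only the binary names swtbl_api and ntbl_api come from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory). The default binary names come from
# the advisory; function names and the fixture tree are constructed.

# Print every regular file under $1 named swtbl_api or ntbl_api that still
# has the setuid or setgid bit set.
find_pe_samples() {
    find "$1" -type f \( -name swtbl_api -o -name ntbl_api \) \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Clear setuid/setgid on each match under $1; print the number of files changed.
strip_pe_samples() {
    find "$1" -type f \( -name swtbl_api -o -name ntbl_api \) \
        \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} \; -print 2>/dev/null | wc -l | tr -d ' '
}

# Constructed fixture: scratch tree with two flagged copies, one copy without
# special bits, and one unrelated setuid file that must be left alone.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/u1" "$d/opt/bin"
    : > "$d/home/u1/swtbl_api"; chmod 4755 "$d/home/u1/swtbl_api"
    : > "$d/opt/bin/ntbl_api";  chmod 6755 "$d/opt/bin/ntbl_api"
    : > "$d/home/u1/ntbl_api";  chmod 0755 "$d/home/u1/ntbl_api"
    : > "$d/opt/bin/other";     chmod 4755 "$d/opt/bin/other"
    echo "$d"
}

# Usage: sh script.sh DIR   (report only; call strip_pe_samples to change modes)
if [ $# -gt 0 ]; then
    find_pe_samples "$1"
fi
```

Matching by name only finds copies that kept the default makefile output names; a binary built from the same sources and then renamed needs a separate review of setuid and setgid files on the system.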
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital   |    fax : 01-53-94-20-41       +
+ 75013 Paris           |    email: certsvp@renater.fr  +
=========================================================