-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CERT(sm) Advisory CA-94:10
Original issue date: June 3, 1994
Last revised: August 30, 1996
             Removed references to README files.

             A complete revision history is at the end of this file.

Topic:  IBM AIX bsh Vulnerability
- -----------------------------------------------------------------------------

The CERT Coordination Center has learned of a vulnerability in the
batch queue (bsh) of IBM AIX systems running versions prior to and
including AIX 3.2.

CERT recommends disabling the batch queue by following the workaround
instructions in Section III below.  Section III also includes
information on how to obtain fixes from IBM if the bsh queue
functionality is required by remote systems.

We will update this advisory as we receive additional information.
Please check advisory files regularly for updates that relate to your site.

- -----------------------------------------------------------------------------

I.   Description

    The queueing system on IBM AIX includes a batch queue, "bsh",
    which is turned on by default in /etc/qconfig on all versions of
    AIX 3 and earlier.

II.  Impact

    If network printing is enabled, remote and local users can gain
    access to a privileged account.

III. Solution

    In the next release of AIX, the bsh queue will be turned off by
    default.  CERT/CC recommends that the bsh queue be turned off using
    the workaround described in Section A below unless there is an
    explicit need to support this functionality for remote hosts.  If
    this functionality must be supported, IBM provides fixes as
    outlined in Sections B and C below.  For questions concerning
    these workarounds or fixes, please contact IBM at the number
    provided below.

    A. Workaround

       Disable the bsh queue by following one of the two procedures
       outlined below:

       1. As root, from the command line, enter:
          # chque -qbsh -a"up = FALSE"

       2. From SMIT, enter:
          - Spooler
          - Manage Local Printer Subsystem
          - Change/Show Characteristics of a Queue
             select bsh
          - Activate the Queue
             select no

    B. Emergency fix

       Obtain and install the emergency fix for the version(s) of AIX
       used at your site.  Fixes for the various levels of AIX are
       available by anonymous FTP from software.watson.ibm.com.  The
       files are located in /pub/aix/bshfix.tar.Z in compressed tar
       format.  Installation instructions are included in the README
       file included as part of the tar file.

       The directory /pub/aix contains the latest available emergency
       fix for APAR IX44381.  As updates become available, any new
       versions will be placed in this directory with the name
       bshfix<#>.tar.Z with <#> being incremented for each update.
       See the README.FIRST file in that directory for details.

       IBM may remove this emergency fix file without prior notice if
       flaws are reported.  Due to the changing nature of these
       files, no checksum information is available.

    C. Official fix

       The official fix for this problem can be ordered as APAR
       IX44381.

       To order APARs from IBM in the U.S., call 1-800-237-5511 and
       ask that it be shipped to you as soon as it is available.  To
       obtain APARs outside of the U.S., contact your local IBM
       representative.

- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Gordon C. Galligher of
Information Resources, Inc.  for reporting this problem and IBM
Corporation for their support in responding to this problem.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident
Response and Security Teams (FIRST).

If you wish to send sensitive incident or vulnerability information to
CERT via electronic mail, CERT strongly advises that the e-mail be
encrypted.  CERT can support a shared DES key, PGP (public key
available via anonymous FTP on info.cert.org), or PEM (contact CERT
for details).

Internet E-mail: [email protected]
Telephone: 412-268-7090 (24-hour hotline)
          CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
          and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
USA

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP from
info.cert.org.

Copyright 1994, 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided
it is used for noncommercial purposes and the copyright statement is
included.

CERT is a service mark of Carnegie Mellon University.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision history

Aug. 30, 1996   Removed references to README files because advisories
               themselves are now updated.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiSd8nVP+x0t4w7BAQGIBQQArrFHhp6x/+L9bGEcxIHOM4QVxwOR8R1F
wwhA9QOkQkeCEgkqVrM9vBTR9mrNaoxoXBpmnDyIDhcyd46BrbbJcNU+7tvY2Tya
016jVfmNWGKsqPYFPQlBuWv2uaouDauOBQC+2fsaGtVvDZax0rudqSZUe/4yJNT9
+taMZi4HUP0=
=nFeQ
-----END PGP SIGNATURE-----

You are viewing proxied material from gopher.altexxanet.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.