This document lists security-related APARs for current releases of AIX. To make ordering easier, all security-related APARs for each release can be ordered using the following packaging APARs.
AIX 4.3: IY15473 (updated 1/2001)
APARs can be ordered using FixDist. For additional information on FixDist, send e-mail with a subject of "FixDist" to aixserv@austin.ibm.com, or refer to the following URL:
http://techsupport.services.ibm.com/rs6k/fixes.html
IX72045 CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED
IX72553 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
IX73077 SECURITY: FTP BOUNCE VULNERABILITY
IX73214 SECURITY: TELNET DENIAL OF SERVICE ATTACK
IX73438 SECURITY: VULNERABILITY IN DTAPPGATHER
IX73586 SECURITY HOLE IN FTP, TFTP, UTFTP
IX73836 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN
IX73951 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
IX73961 PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY
IX74296 PROGRAMS USING LEX GENERATED SOURCE COREDUMP
IX74599 SECURITY: VULNERABILITY IN DIGEST
IX74793 SECURITY HOLE IN TN3270
IX74802 CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K
IX75275 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
IX75554 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
IX75564 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
IX75566 SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS
IX75761 BAD FILE HANDLE CAN CRASH LOCK DAEMON
IX75840 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
IX75864 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES
IX76015 NFS V2 DOES HANDLE 65535 AS A UID
IX76039 SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY
IX76040 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
IX76049 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
IX76960 BIND: CERT ADVISORY CA-98.05
IX76962 BIND: CERT ADVISORY CA-98.05
IX77338 SECURITY: SORT CREATES INSECURE TEMPORARY FILES
IX77508 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
IX77592 SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES
IX78071 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
IX78202 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
IX78248 SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX78349 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
IX78564 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
IX78612 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
IX78646 SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES
IX78719 NFS V2 DOES NOT HANDLE 65535 AS A UID
IX78732 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
IX79136 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
IX79139 SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES
IX79679 "RCP SECURITY PROBLEM"
IX79681 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
IX79682 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
IX79683 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
IX79700 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
IX79701 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
IX79857 SECURITY HOLE
IX79909 NSLOOKUP CORE DUMPS WITH LONG STRINGS
IX79979 SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX80036 SECURITY: CRON CREATES INSECURE LOCK FILE
IX80387 SECURITY: INSECURE CREATION OF LPD LOCK FILE
IX80391 SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS
IX80447 SECURITY: BUFFER OVERFLOWS IN IMAPD
IX80470 SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS
IX80510 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
IX80543 SECURITY:LIBNSL BUFFER OVERRUNS
IX80548 SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS
IX80549 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
IX80762 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
IX80792 SECURITY: BUFFER OVERFLOWS IN IMAPD
IX81058 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
IX81077 SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES
IX81078 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
IX81442 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
IX81507 SECURITY: MORE VULNERABILITIES IN PCNFSD
IX81999 POST COMMAND SHOULD NOT BE SUID
IX82002 FORCE REXECD USER PRIVILEDGES
IX83542 AIX 4.3.3.0 MAINTENANCE LEVEL
IX83752 SECURITY: VULNERABILITY IN AUTOFS
IX84493 SECURITY: VULNERABILITY IN SETGID EXECUTABLES
IX84642 SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
IX85233 SECURITY : MAILBOX GETS CORRUPTED
IX85556 SECURITY: BUFFER OVERFLOW IN FTP CLIENT
IX85600 BOOTP: CERT ADVISORY
IX86845 SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
IX87016 REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME
IX87669 NULL MBUF CAN CRASH SYSTEM IN NFS CODE
IX87727 STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
IX88021 ADD FINGER TIMEOUT
IX88263 SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION
IX88633 SECURITY: INSECURE TEMPORARY FILES IN /SBIN/RC.BOOT
IX89182 LICENSE SERVER HANGS
IX89415 SECURITY: XAUTH IS BROKEN IN 4.3.X
IX89419 SECURITY: BUFFER OVERFLOW IN DTSPCD
IX89687 SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
IY00892 INSECURE TEMPORARY FILES IN BOS.PERF PACKAGING SCRIPT
IY01439 SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL
IY02033 RESERVED
IY02120 SECURITY: BUFFER OVERFLOW IN NSLOOKUP
IY02397 SECURITY: NON-ROOT USERS CAN USE PTRACE TO CRASH THE SYSTEM
IY02944 SECURITY: BUFFER OVERFLOW IN "DTACTION -U"
IY03849 SECURITY: VULNERABILITY IN TTSESSION
IY04477 SECURITY BUFFER OVERFLOWS IN FTPD
IY04865 SECURITY: NON-ROOT USERS CHANGE SYS INFO VIA SNMPD
IY05249 SECURITY: BUFFER OVERFLOWS IN SNMPD
IY05772 SECURITY: POSSIBLE BUFFER OVERFLOW IN AIXTERM TITLE HANDLING
IY05851 NAMED8: SECURITY VULNERABILITIES IN BIND
IY06059 GENFILT CANNOT FILTER PORT NUMBERS > 32767
IY06367 SECURITY: VULNERABILITY IN DTPRINTINFO
IY06589 BUG IN GET_SEQNUM
IY06694 SECURITY: ANOTHER BUFFER OVERFLOW IN DTSPCD
IY06697 SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY AGAIN
IY06814 CRASH IN FLTR_IN_CHK() M_COPYDATA()
IY06817 XDM HAS TROUBLE WITH LONG PASSWORDS
IY07265 CHSEC ALLOWS NON-ADMIN USR TO CHANGE ADMIN USER ATTRIBUTES
IY07425 IN CERTAIN CASES, LIBQB ROUTINE CAN CAUSE CORE DUMP
IY07831 SECURITY: BUFFER OVERFLOW IN SETCLOCK
IY07832 SECURITY: ANOTHER BUFFER OVERFLOW IN PORTMIR
IY08128 SECURITY: VULNERABILITY IN MKATMPVC
IY08143 SECURITY: BUFFER OVERFLOWS IN ENQ COMMAND
IY08606 SECURITY: BUFFER OVERFLOW IN _XAIXREADRDB
IY08812 SECURITY: BUFFER OVERFLOW IN SETSENV
IY09514 SECURITY: VULNERABILITY IN FRCACTRL
IY09941 SECURITY: LOCAL USERS CAN GAIN WRITE ACCESS TO SOME FILES
IY10250 DHCPSD: SECURITY: D-O-S ATTACK VULNERABILITY
IY10805 MKATM IS A SHELL SCRIPT AND SHOULDN'T BE SETUID
IY11067 X SERVER FREEZES DUE TO DOS
IY11224 SECURITY: BUFFER OVERFLOW IN XTERM
IY11233 SECURITY: NCS CMDS LINKED WITH INSECURE LINKER ARGUMENT
IY11450 SECURITY: BUFFER OVERRUN IN MIT KERBEROS LIBRARIES
IY12147 NON-ROOT USERS CAN ISSUE THE NETSTAT -Z FLAG
IY12251 SECURITY: POSSIBLE VULNERABILITIES IN ERRPT
IY12638 SECURITY: BUFFER OVERFLOW IN PRINT CMDS
IY13780 SECURITY: BUFFER OVERFLOW IN LIBNTP
IY13781 SECURITY: FORMAT STRING VULNERABILITY IN FTP CLIENT
IY13783 FORMAT STRING VULNERABILITIES IN GETTY'S ERROR LOGGING FUNCS
IY14512 DNS CERT ADVISORY FOR SRV & ZXFR BUGS
[ Doc Ref: 90605222014626 Publish Date: Jan. 31, 2001 4FAX Ref: none ]