Date: December 13, 2001
A CERT security advisory was issued yesterday (12/12/01) regarding a System V login vulnerability that attackers can exploit to gain root access. The vulnerability exists in AIX, Solaris 8, HP-UX, Irix, SCO. For more information, visit the CERT web site:
http://www.cert.org/advisories/CA-2001-34.html
AIX has an emergency fix ("efix"), "tsmlogin_efix.tar.Z" located at:
ftp://aix.software.ibm.com/aix/efixes/security
The APAR assignment for AIX 5.1 is IY26221, and will be
available soon. The APAR for AIX 4.3 is pending, as a new
level of 4.3 is nearly available. The "README" file at the above
FTP site will be updated to provide the official fix information
and availability.
Bruce Spencer,
baspence@us.ibm.com