Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > July 2007 > IBM AIX Security advisories

July 2007

IBM AIX Security advisories

ID: 153
Ref: 98/2007
Date: 10 July 2007:16:13:31
Version: 1
Title: IBM AIX Security advisories
Abstract: AIX 5.3 and AIX 5.2 A buffer overflow vulnerability exists in libodm
Vendors affected: IBM
Operating systems affected: IBM
Applications affected: IBM
---------------------------------------------------------------------------

AIX 5.3 : Security advisories (2007.07.09)

A buffer overflow vulnerability exists in libodm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY


First Issued: Mon Jul 9 11:46:29 CDT 2007
=========================================================================
VULNERABILITY SUMMARY

VULNERABILITY: A buffer overflow vulnerability exists in libodm.

PLATFORMS: AIX 5.2, 5.3.

SOLUTION: Apply the APAR, interim fix or workaround as
described below.

THREAT: A local user may execute arbitrary code with root
privileges.

CERT VU Number: n/a
CVE Number: n/a
=========================================================================
DETAILED INFORMATION


I. Description
==============

A buffer overflow vulnerability exists in the libodm library whereby a local
user may be able to execute arbitrary code.

A. Background
- -------------
IBM provides an Object Data Manager (ODM) for storing system settings, device
configuration and application information in the AIX operating system.

B. Vulnerability assessment
- --------------------------

The following table shows which file-sets are affected by this issue:

AIX Release File-set Lower Upper
Level Level
-----------------------------------------------------------------
AIX 5.2 bos.rte.odm 5.2.0.85 5.2.0.105
AIX 5.3 bos.rte.odm 5.3.0.40 5.3.0.50

To determine which version of a given file-set is installed, execute following
command:

# lslpp -L grep bos.rte.odm

The file-set will be listed along with its version information, state, type
and a description.

II. Impact
==========

Successful exploitation of this vulnerability can result in a local user
executing arbitrary code with root privileges.

III. Solutions
==============

A. Official Fix
- ---------------

IBM provides the following fixes:

APAR number for AIX 5.2.0: IY97632 (available approx. 07/25/07)
APAR number for AIX 5.3.0: IY97632 (available approx. 07/04/07)

NOTE: Affected customers are urged to upgrade to the latest applicable
Technology Level and Service Pack.

B. Interim Fix
- --------------

Interim fixes are available. The interim fixes can be downloaded via ftp
from:

ftp://aix.software.ibm.com/aix/efixes/security/libodm_ifix.tar.Z

This is a compressed tarball containing this advisory, interim fix packages
and cleartext PGP signatures for each package.

AIX Release & Interim fix
Technology Level
- ------------------------------------------------
5300-04 IY97632_04.070709.epkg.Z
5300-05 IY97632_05.070709.epkg.Z
5300-06 IY97632_06.070709.epkg.Z
5200-08 IY97632_08.070709.epkg.Z
5200-09 IY97632_09.070709.epkg.Z
5200-10 IY97632_10.070709.epkg.Z

Verify you have retrieved the fixes intact:
+------------------------------------------
The interim fixes below are named by using the technology level corresponding
to the release that the fix applies to.

The checksums below were generated using the "sum" and "md5sum" commands and
are as follows:

The interim fixes below include prerequisite checking. This will enforce the
correct mapping between the fixes and AIX Technology Levels.

Filename sum md5sum
- -----------------------------------------------------------------------
IY97632_04.070709.epkg.Z 18324 125 53a24f096f6508fdb034b5aa8c466bcd
IY97632_05.070709.epkg.Z 18858 125 ae5f49d547d4bb4863d1285c73dc4ea5
IY97632_06.070709.epkg.Z 38524 125 c87c8c0273de5effcf75f1426475dd1a
IY97632_08.070709.epkg.Z 22669 126 b1b19d0c0b5296b913d901c7e649e864
IY97632_09.070709.epkg.Z 50020 125 8b7d8327d0c5f362d7b6f800037c1aa3
IY97632_10.070709.epkg.Z 31936 126 78650dea77ecefc95ba368fdc3ee2f71

These sums should match exactly. The PGP signatures in the compressed tarball
and on this advisory can also be used to verify the integrity of the various
files they correspond to. If the sums or signatures cannot be confirmed,
double check the command results and the download site address.
If those are OK, contact IBM AIX Security at security-alert@austin.ibm.com and
describe the discrepancy.

IMPORTANT: If possible, it is recommended that a mksysb backup of the system
is created. Verify it is both bootable, and readable before proceeding.

These interim fixes have not been fully regression tested; thus, IBM does not
warrant the fully correct functioning of the interim fix. Customers install
the interim fix and operate the modified version of AIX at their own risk.


Interim Installation Instructions
- ---------------------------------

These packages use the new Interim Fix Management Solution to install and
manage interim fixes. More information can be found at:

http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html

To preview an epkg interim fix installation execute the following command:

# emgr -e ipkg_name -p # where ipkg_name is the name of the
# interim fix package being previewed.

To install an epkg interim fix package, execute the following command:

# emgr -e ipkg_name -X # where ipkg_name is the name of the
# interim fix package being installed.

The "X" flag will expand any filesystems if required.

C. Workaround
- -------------

None.

IV. Obtaining Fixes
====================

AIX Version 5 APARs can be downloaded from:

http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

Security related Interim Fixes can be downloaded from:

ftp://aix.software.ibm.com/aix/efixes/security


V. Contact Information
=======================

If you would like to receive AIX Security Advisories via email, please
visit:

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd

Comments regarding the content of this announcement can be directed to:

security-alert@austin.ibm.com

To request the PGP public key that can be used to communicate securely with
the AIX Security Team send email to security-alert@austin.ibm.com with a
subject of "get key". The key can also be downloaded from a PGP Public Key
Server. The key id is 0x4265D862.

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their respective
holders.

VI. Acknowledgments
===================

iDefense (http://labs.idefense.com/) credits an anonymous contributer.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)

iD8DBQFGkt+S0eNzcEJl2GIRAijHAJsG5S7WqL7LNRe6Y5wwXvtPbqMcgACfYMLJ
HCfKVqDwXKVVjzRvX42ZHB0=
=S0cn
-----END PGP SIGNATURE-----



---------------------------------------------------------------------

Related URLs:

Find end of support dates for AIX and software running on AIX
http://www.ibm.com/services/sl/products

Visit Unix Servers Support for a wide array of technical resources.
http://www.ibm.com/servers/eserver/support/unixservers

Download fixes for AIX V5 and 4.3 OS, Java, Compilers:
http://www-912.ibm.com/eserver/support/fixes/

Update your Subscription Service profile
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoe?mode=2

Unsubscribe from Subscription Service
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoe?mode=3

Sign up for customized weekly newsletter from IBM
https://isource.ibm.com/world/index.shtml

----------------------------------------------------------------------
IBM and AIX are trademarks or registered trademarks of the International
Business Machines Corporation in the United States or other countries, or
both.



AIX 5.2 : Security advisories (2007.07.09)

A buffer overflow vulnerability exists in libodm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY


First Issued: Mon Jul 9 11:46:29 CDT 2007
=========================================================================
VULNERABILITY SUMMARY

VULNERABILITY: A buffer overflow vulnerability exists in libodm.

PLATFORMS: AIX 5.2, 5.3.

SOLUTION: Apply the APAR, interim fix or workaround as
described below.

THREAT: A local user may execute arbitrary code with root
privileges.

CERT VU Number: n/a
CVE Number: n/a
=========================================================================
DETAILED INFORMATION


I. Description
==============

A buffer overflow vulnerability exists in the libodm library whereby a local
user may be able to execute arbitrary code.

A. Background
- -------------
IBM provides an Object Data Manager (ODM) for storing system settings, device
configuration and application information in the AIX operating system.

B. Vulnerability assessment
- --------------------------

The following table shows which file-sets are affected by this issue:

AIX Release File-set Lower Upper
Level Level
-----------------------------------------------------------------
AIX 5.2 bos.rte.odm 5.2.0.85 5.2.0.105
AIX 5.3 bos.rte.odm 5.3.0.40 5.3.0.50

To determine which version of a given file-set is installed, execute following
command:

# lslpp -L grep bos.rte.odm

The file-set will be listed along with its version information, state, type
and a description.

II. Impact
==========

Successful exploitation of this vulnerability can result in a local user
executing arbitrary code with root privileges.

III. Solutions
==============

A. Official Fix
- ---------------

IBM provides the following fixes:

APAR number for AIX 5.2.0: IY97632 (available approx. 07/25/07)
APAR number for AIX 5.3.0: IY97632 (available approx. 07/04/07)

NOTE: Affected customers are urged to upgrade to the latest applicable
Technology Level and Service Pack.

B. Interim Fix
- --------------

Interim fixes are available. The interim fixes can be downloaded via ftp
from:

ftp://aix.software.ibm.com/aix/efixes/security/libodm_ifix.tar.Z

This is a compressed tarball containing this advisory, interim fix packages
and cleartext PGP signatures for each package.

AIX Release & Interim fix
Technology Level
- ------------------------------------------------
5300-04 IY97632_04.070709.epkg.Z
5300-05 IY97632_05.070709.epkg.Z
5300-06 IY97632_06.070709.epkg.Z
5200-08 IY97632_08.070709.epkg.Z
5200-09 IY97632_09.070709.epkg.Z
5200-10 IY97632_10.070709.epkg.Z

Verify you have retrieved the fixes intact:
+------------------------------------------
The interim fixes below are named by using the technology level corresponding
to the release that the fix applies to.

The checksums below were generated using the "sum" and "md5sum" commands and
are as follows:

The interim fixes below include prerequisite checking. This will enforce the
correct mapping between the fixes and AIX Technology Levels.

Filename sum md5sum
- -----------------------------------------------------------------------
IY97632_04.070709.epkg.Z 18324 125 53a24f096f6508fdb034b5aa8c466bcd
IY97632_05.070709.epkg.Z 18858 125 ae5f49d547d4bb4863d1285c73dc4ea5
IY97632_06.070709.epkg.Z 38524 125 c87c8c0273de5effcf75f1426475dd1a
IY97632_08.070709.epkg.Z 22669 126 b1b19d0c0b5296b913d901c7e649e864
IY97632_09.070709.epkg.Z 50020 125 8b7d8327d0c5f362d7b6f800037c1aa3
IY97632_10.070709.epkg.Z 31936 126 78650dea77ecefc95ba368fdc3ee2f71

These sums should match exactly. The PGP signatures in the compressed tarball
and on this advisory can also be used to verify the integrity of the various
files they correspond to. If the sums or signatures cannot be confirmed,
double check the command results and the download site address.
If those are OK, contact IBM AIX Security at security-alert@austin.ibm.com and
describe the discrepancy.

IMPORTANT: If possible, it is recommended that a mksysb backup of the system
is created. Verify it is both bootable, and readable before proceeding.

These interim fixes have not been fully regression tested; thus, IBM does not
warrant the fully correct functioning of the interim fix. Customers install
the interim fix and operate the modified version of AIX at their own risk.


Interim Installation Instructions
- ---------------------------------

These packages use the new Interim Fix Management Solution to install and
manage interim fixes. More information can be found at:

http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html

To preview an epkg interim fix installation execute the following command:

# emgr -e ipkg_name -p # where ipkg_name is the name of the
# interim fix package being previewed.

To install an epkg interim fix package, execute the following command:

# emgr -e ipkg_name -X # where ipkg_name is the name of the
# interim fix package being installed.

The "X" flag will expand any filesystems if required.

C. Workaround
- -------------

None.

IV. Obtaining Fixes
====================

AIX Version 5 APARs can be downloaded from:

http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

Security related Interim Fixes can be downloaded from:

ftp://aix.software.ibm.com/aix/efixes/security


V. Contact Information
=======================

If you would like to receive AIX Security Advisories via email, please
visit:

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd

Comments regarding the content of this announcement can be directed to:

security-alert@austin.ibm.com

To request the PGP public key that can be used to communicate securely with
the AIX Security Team send email to security-alert@austin.ibm.com with a
subject of "get key". The key can also be downloaded from a PGP Public Key
Server. The key id is 0x4265D862.

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their respective
holders.

VI. Acknowledgments
===================

iDefense (http://labs.idefense.com/) credits an anonymous contributer.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)

iD8DBQFGkt+S0eNzcEJl2GIRAijHAJsG5S7WqL7LNRe6Y5wwXvtPbqMcgACfYMLJ
HCfKVqDwXKVVjzRvX42ZHB0=
=S0cn
-----END PGP SIGNATURE-----



---------------------------------------------------------------------

Related URLs:

Find end of support dates for AIX and software running on AIX
http://www.ibm.com/services/sl/products

Visit Unix Servers Support for a wide array of technical resources.
http://www.ibm.com/servers/eserver/support/unixservers

Download fixes for AIX V5 and 4.3 OS, Java, Compilers:
http://www-912.ibm.com/eserver/support/fixes/

Update your Subscription Service profile
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoe?mode=2

Unsubscribe from Subscription Service
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoe?mode=3

Sign up for customized weekly newsletter from IBM
https://isource.ibm.com/world/index.shtml

----------------------------------------------------------------------
IBM and AIX are trademarks or registered trademarks of the International
Business Machines Corporation in the United States or other countries, or
both.
___________________________________________________________________________

CPNI wishes to acknowledge the contributions of IBM for the
information contained in this advisory.
___________________________________________________________________________

This advisory contains information released by the original author. Some
of the information may have changed since it was released. If the issue
affects you, it may be prudent to retrieve the advisory from the site of
the original source to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by CPNI. The views and
opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable
for any loss or damage whatsoever, arising from or in connection with the
usage of information contained within this advisory.

CPNI is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
___________________________________________________________________________


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |