US-CERT Vulnerability Notes Database

IBM Information for VU#595507

Date Notified: 2001-08-14
Date Updated:
Status Summary: Vulnerable

Vendor Statement

[from IBM Security Advisory contained in: ftp://aix.software.ibm.com/aix/efixes/security/tooltalk_efix.tar.Z]

A. Official fix

IBM is working on the following fixes which will be available soon:

AIX 4.3:
    Pending assignment - the Advisory copy in the efix download package will be updated as soon as the assignment is made. Also, the CERT Vulnerability Note will be updated and we will post a note to SecurityFocus BUGTRAQ. IBM's Managed Security Service will also distribute notification of when this happens.

AIX 5.1:
    APAR #IY23846

The APARs for AIX 4.3 and 5.1 will not be available until late October - November 2001.

NOTE: Fix will not be provided for versions prior to 4.3 as these are no longer supported by IBM. Affected customers are urged to upgrade to 4.3.3 at the latest maintenance level, or to 5.1.

B. How to minimize the vulnerability

WORKAROUND

None, other than disabling the CDE Tooltalk RPC database server.

EMERGENCY FIX (efix):

Temporary fixes for AIX 4.3.x and 5.1 systems are available.

The temporary fixes can be downloaded via ftp from:

ftp://aix.software.ibm.com/aix/efixes/security

The name of the efix you want to download to close this vulnerability is tooltalk_efix.tar.Z.

The efix compressed tarball contains a copy of this Advisory and another tarfile, efix_binaries.tar. This latter tarfile will untar into two subdirectories, tooltalk_rpc_aix43_efix and tooltalk_rpc_aix51_efix, for AIX 4.3 and 5.1, respectively. Each subdirectory contains a patched rpc.ttdbserver and libtt.a binary, plus an INSTALL textfile that is a synopsis of the installation instructions given below. In the same directory level with the Advisory is a detached PGP signature file for the tarfile containing the fixes, efix_binaries.tar.asc.

These temporary fixes have not been fully regression tested; thus, IBM does not warrant the fully correct functioning of the efix. Customers install the efix and operate the modified version of AIX at their own risk.
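The advisory above ships the patched binaries as efix_binaries.tar with a detached PGP signature, efix_binaries.tar.asc, and expects the tarball to unpack into two named subdirectories. The following is an added example, written for this page and not part of IBM's advisory or of the CERT note, showing the checks an administrator would run before untarring such a bundle on a production host: verify the detached signature first, refuse any member that could write outside the extraction directory (absolute paths, `..` components, links), and confirm the layout matches what the advisory describes. The function names, the `gpg` invocation, and the sample tarball are all assumptions of this example; real signature verification also assumes IBM's signing key has already been imported into the local keyring.

```python
"""Pre-install sanity checks for a detached-signature efix tarball (added example)."""
import io
import os
import subprocess
import tarfile

# Layout the advisory describes: two subdirectories, each holding a patched
# rpc.ttdbserver, libtt.a and an INSTALL text file.
EXPECTED_DIRS = ("tooltalk_rpc_aix43_efix", "tooltalk_rpc_aix51_efix")
EXPECTED_FILES = ("rpc.ttdbserver", "libtt.a", "INSTALL")


def verify_detached_signature(tar_path, sig_path, gpg="gpg"):
    """Run `gpg --verify <sig> <file>` and report success only on exit status 0.

    Assumes the vendor's signing key is already in the keyring; otherwise gpg
    exits non-zero and the bundle is treated as unverified.
    """
    result = subprocess.run([gpg, "--verify", sig_path, tar_path],
                            capture_output=True, text=True)
    return result.returncode == 0


def _normalized(name):
    """Drop a leading './' so member names compare cleanly against the layout."""
    return name[2:] if name.startswith("./") else name


def unsafe_members(tar):
    """Return member names that could escape or redirect the extraction directory."""
    bad = []
    for member in tar.getmembers():
        parts = member.name.split("/")
        if os.path.isabs(member.name) or ".." in parts:
            bad.append(member.name)          # path traversal on extraction
        elif member.issym() or member.islnk():
            bad.append(member.name)          # a binary-only efix should carry no links
    return bad


def check_layout(tar):
    """Return the set of expected <dir>/<file> entries that are absent."""
    present = {_normalized(m.name) for m in tar.getmembers() if m.isfile()}
    expected = {f"{d}/{f}" for d in EXPECTED_DIRS for f in EXPECTED_FILES}
    return expected - present


def inspect_bundle(tar_bytes):
    """Inspect an in-memory tarball; returns the unsafe members and missing entries."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return {"unsafe": unsafe_members(tar), "missing": check_layout(tar)}


def build_sample_bundle(extra_member=None, omit=None):
    """Constructed sample tarball with the advisory's layout (not IBM's efix).

    `extra_member` adds an arbitrary extra entry; `omit` leaves one expected
    entry out, so both failure modes can be exercised offline.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for d in EXPECTED_DIRS:
            for f in EXPECTED_FILES:
                name = f"{d}/{f}"
                if name == omit:
                    continue
                data = b"constructed sample content\n"
                info = tarfile.TarInfo(name=name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        if extra_member:
            info = tarfile.TarInfo(name=extra_member)
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Usage: python efix_check.py efix_binaries.tar efix_binaries.tar.asc
    tar_path, sig_path = sys.argv[1], sys.argv[2]
    if not verify_detached_signature(tar_path, sig_path):
        sys.exit("signature did not verify; do not install")
    with open(tar_path, "rb") as fh:
        report = inspect_bundle(fh.read())
    if report["unsafe"] or report["missing"]:
        sys.exit(f"bundle rejected: unsafe={report['unsafe']} missing={sorted(report['missing'])}")
    print("signature OK, layout matches the advisory; safe to untar")
```

The order matters: the signature is checked before the archive is opened, so an unsigned or tampered tarball is never parsed, and the layout check only decides whether the contents are what the advisory says to expect, not whether the binaries themselves are sound.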

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Produced 2008 by US-CERT, a government organization