Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

IBM Information for VU#569272

Date Notified:2001-10-24
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

IBM's AIX operating system, versions 4.3 and 5.1, are susceptible to this vulnerability. We have prepared an emergency fix ("efix"), "tsmlogin_efix.tar.Z", and it is available for downloading from:

ftp://aix.software.ibm.com/aix/efixes/security

The APAR assignment for AIX 5.1 is IY26221. The APAR for AIX 4.3 is IY26443. Both will be available soon. The "README" file at the above FTP site will be updated to provide the official fix information and availability.

Update: Incomplete installation instructions were included in the first posting of the efix on Wednesday, 12 December 2001. The installation instructions were rewritten and tarballed with the efixes. The efix tarball was then reposted to the FTP download site on the afternoon of Thursday, 13 December. An amended advisory reflecting the correct instructions has also been issued. Customers may wish to consult the amended advisory, or download the most recent efix, to obtain the new instructions.

IBM is developing an emergency fix for AIX 4.2.1 at Maintenance Level 06 (the last ML done). Also, we are developing efixes for AIX 4.3.3 at maintenance levels 06 and 08.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information