===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Don Stikvoort                          Index  : S-96-19
Distribution  : World                                  Page   : 1
Classification: External                               Version: 1
Subject       : Vulnerability in IBM AIX "rmail"       Date   : 19-Apr-96
===============================================================================

By courtesy of IBM-ERS (the IBM CERT) we received information on a
vulnerability in the IBM AIX version 3 "rmail" program.

CERT-NL recommends implementing the presented workaround immediately.

==============================================================================

VULNERABILITY SUMMARY

VULNERABILITY:  Vulnerability in the IBM AIX "rmail" program.

PLATFORMS:      AIX Version 3 (Version 4 does not contain this
                vulnerability).

SOLUTION:       Take one of the actions described below.

THREAT:         A user can gain unauthorized access to another user's mail.

===============================================================================

DETAILED INFORMATION

I. Description

   There is a potential security exposure in the "rmail" program on
   Version 3 of the IBM AIX operating system. Version 4 of AIX does not
   contain this vulnerability.

II. Impact

   A user with knowledge of this vulnerability can exercise it to obtain
   unauthorized access to another user's electronic mail.

III. Solutions

   The IBM AIX Response Team recommends two solutions to this problem:

   1. Log in to the workstation as "root" and issue the command:

         # /usr/bin/chmod 555 /usr/bin/rmail /bin/rmail

   2. Apply the following APAR to your system once the APAR is available:

         APAR - IX57680

   The first solution should be applied immediately to remove the
   vulnerability to your system. Once the APAR is available, you should
   also apply the second solution.

IV. Acknowledgements

   IBM-ERS would like to thank the IBM AIX Response Team for providing the
   information contained in this alert.

   (Copyright 1996 International Business Machines Corporation.)

==============================================================================

CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
   http://www.surfnet.nl/surfnet/security/cert-nl.html
   ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl
Phone:     +31 302 305 305
Fax:       +31 302 305 329
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members
on request.

==============================================================================
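
A check for the first solution in section III, added here as an example (it is not part of the CERT-NL or IBM text): numeric mode 555 leaves a file r-xr-xr-x with no set-user-ID, set-group-ID or sticky bit, and the functions below confirm that from "ls -l" output. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that "chmod 555" took effect on the rmail binaries.
# Uses only ls/cut so it does not depend on a stat(1) command being present.

# perm_string FILE -> the nine permission characters, e.g. r-xr-xr-x
perm_string() {
    # -L resolves symbolic links so the target's mode is reported;
    # -d keeps ls from descending if a directory is passed by mistake.
    ls -lLd "$1" 2>/dev/null | cut -c2-10
}

# check_workaround FILE
#   returns 0 if the mode is exactly 555
#   returns 1 if the mode differs (special bits or write access remain)
#   returns 2 if the file does not exist
check_workaround() {
    f=$1
    [ -f "$f" ] || { echo "MISSING  $f"; return 2; }
    p=$(perm_string "$f")
    case $p in
        r-xr-xr-x) echo "OK       $f ($p)"; return 0 ;;
        *[sStT]*)  echo "SPECIAL  $f ($p) set-id or sticky bit present"; return 1 ;;
        *)         echo "DIFFERS  $f ($p) expected r-xr-xr-x"; return 1 ;;
    esac
}

# audit_paths FILE... -> 0 only if every listed file passes check_workaround
audit_paths() {
    worst=0
    for path in "$@"; do
        check_workaround "$path" || worst=1
    done
    return $worst
}
```

Calling `audit_paths /usr/bin/rmail /bin/rmail` after the chmod should print OK for both paths; running it again after APAR IX57680 is installed shows whether the fix changed the mode.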