-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Xander Jansen                               Index  :    S-98-52
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : IBM AIX "sdrd" daemon Vulnerability         Date   :   9-Aug-98
===============================================================================

By courtesy of CIAC we received information on a vulnerability in the "sdrd"
daemon used on the IBM SP2 platform. This vulnerability may allow anyone
unauthorized access to files on the system.

CERT-NL recommends that sites running the "sdrd" daemon apply the patch
mentioned below as soon as possible.

===============================================================================

             __________________________________________________________

                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                     IBM AIX "sdrd" daemon Vulnerability

August 4, 1998 20:00 GMT                                          Number I-079
______________________________________________________________________________
PROBLEM:       A vulnerability exists in the "sdrd" daemon that allows other
               nodes to make requests, thereby making remote retrieval of any
               file off the system possible.
PLATFORM:      IBM SP2.
DAMAGE:        By exploiting this vulnerability, remote users may gain access
               to the system.
SOLUTION:      Apply the patch indicated below.
______________________________________________________________________________
VULNERABILITY  Currently, there are no reports of this vulnerability being
ASSESSMENT:    exploited. However, CIAC recommends that all systems running
               the "sdrd" daemon be patched immediately.
______________________________________________________________________________

CIAC has been informed of a security vulnerability with the "sdrd" daemon
running on the IBM SP2 platform. This vulnerability may allow remote users to
retrieve files on the System Data Repository (SDR) machine, thereby allowing
remote users to gain access to the system.

The System Data Repository (SDR) is an SP subsystem that stores SP
configuration and some operational information. The SDR information is stored
on a Control Workstation, but is made available through a client/server
interface to other network-connected nodes.

In most cases, SDR interaction is performed using the SDR command-line
interface. However, the "sdrd" daemon allows other nodes to make requests
without performing any authentication. This security flaw allows anyone to
use the retrieve file command to get any file on the SDR system.

CIAC is unaware of any workarounds. The only alternative is to download and
install the patch provided by IBM.

IBM Patch Information

   ftp://aix.software.ibm.com/aix/efixes/security/sdrd.tar.Z

===========================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
   http://www.surfnet.nl/surfnet/security/cert-nl.html
   ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl          ATTENDED REGULARLY ALL DAYS
Phone:     +31 302 305 305             BUSINESS HOURS ONLY
Fax:       +31 302 305 329             BUSINESS HOURS ONLY
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA  UTRECHT
           The Netherlands

NOODGEVALLEN: 06 52 87 92 82           ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 52 87 92 82        ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use

iQCVAwUBNc3tvFpSTqmIRWKVAQG9HQQAuk7COAcXkU2kaCubosyM8ARBRBlMl3Gj
8iZDy97igGfV0qddeG8+N0XoZrFsf5Ztf0L+Oikv60iyTS6zSkW1TF2CjSGr0zMN
XBcb8e9yj6PoRkfYKU1BkuaKSxg1e3dyiWE+zbc/q+pI/rxyIiDlg0gZZBpLcdCP
sry0NqnKWxo=
=cuEK
-----END PGP SIGNATURE-----
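
Added example, not part of the signed advisory and not IBM's code or fix: a
small model of the flaw class described above, a file-retrieval service that
answers any caller for any path, beside a handler that authenticates the
requesting node and confines reads to the repository directory. The advisory
does not describe the sdrd protocol, so every name here, the per-node shared
key and the request counter are assumptions made for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def retrieve_unauthenticated(path):
    """Model of the flaw: no caller check, no path restriction."""
    return Path(path).read_bytes()

class HardenedRepository:  # authenticate the node, then confine reads
    def __init__(self, root, node_keys):
        self.root = Path(root).resolve()
        self.node_keys = node_keys   # node -> shared secret (assumed scheme)
        self.last_counter = {}       # node -> highest request counter accepted
    @staticmethod
    def tag(key, counter, relpath):
        return hmac.new(key, f"{counter}\n{relpath}".encode(), hashlib.sha256).digest()
    def retrieve(self, node, counter, relpath, tag):
        key = self.node_keys.get(node)
        if key is None or not hmac.compare_digest(self.tag(key, counter, relpath), tag):
            raise PermissionError("request not authenticated")
        if counter <= self.last_counter.get(node, -1):
            raise PermissionError("replayed request")
        self.last_counter[node] = counter
        target = (self.root / relpath).resolve()
        if self.root not in target.parents:   # rejects ../ and absolute paths
            raise PermissionError("path outside repository")
        return target.read_bytes()

def demo():
    """Run both handlers over constructed files and return each outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        (repo := Path(tmp, "repo")).mkdir()
        (repo / "node_config").write_text("node1 up\n")
        Path(tmp, "secret").write_text("outside repository\n")
        key = b"constructed-demo-key"
        srv = HardenedRepository(repo, {"node1": key})
        out = {"flawed": retrieve_unauthenticated(Path(tmp, "secret"))}
        requests = {
            "valid": ("node1", 1, "node_config", srv.tag(key, 1, "node_config")),
            "replay": ("node1", 1, "node_config", srv.tag(key, 1, "node_config")),
            "unknown_node": ("node9", 2, "node_config", b""),
            "traversal": ("node1", 3, "../secret", srv.tag(key, 3, "../secret")),
        }
        for name, req in requests.items():
            try:
                out[name] = srv.retrieve(*req)
            except PermissionError as exc:
                out[name] = str(exc)
        return out
```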