-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : IMB-ERS                                     Index  :    S-99-28
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : IBM C Set ++ for AIX Source Code Browser    Date   :   20-08-99
===============================================================================

By courtesy of IBM ERS we received
information on a vulnerability in the IBM C Set ++ for AIX Source Code Browser

CERT-NL recommends to follow the recommendation of IBM

==============================================================================
                           EMERGENCY RESPONSE SERVICE
                          SECURITY VULNERABILITY ALERT

17 August 1999 13:00 GMT                         Number: ERS-SVA-E01-1999:003.1
===============================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:    The IBM C Set ++ for AIX Source Code Browser allows local
                  and remote users to become root.

PLATFORMS:        C Set ++ for AIX Version 3 (5765-421)
                  C Set ++ for AIX Version 2 (5765-186)

SOLUTION:         Disable the source code browser daemon (pdnsd).

===============================================================================
                           DETAILED INFORMATION

I.  Description

A buffer overflow vulnerability has been discovered in the Source Code
Browser's Program Database Name Server Daemon (pdnsd) of versions 2 and 3 of
IBM's C Set ++ for AIX.  This vulnerability allows local and remote users to
gain root access.  To date, there are no known reports of this being
exploited.

II.  Solutions

  A.  Official fix

    IBM C Set ++ for AIX versions 2 and 3 are no longer supported and no APAR
    will be issued.  Customers are encouraged to upgrade to a later compiler
    version.

  B.  How to alleviate the problem

    The pdnsd daemon should be disabled by running the following commands as
    root:

      # rmitab browser
      # chown root.system /usr/lpp/xlC/browser/pdnsd
      # chmod 0 /usr/lpp/xlC/browser/pdnsd
      # /usr/lpp/xlC/browser/pdnsdkill

III.  Contact Information

Comments regarding the content of this announcement can be directed to:

   security-alert@austin.ibm.com

To request the PGP public key that can be used to encrypt new AIX security
vulnerabilities, send email to security-alert@austin.ibm.com with a subject
of "get key".

If you would like to subscribe to the AIX security newsletter, send a note to
aixserv@austin.ibm.com with a subject of "subscribe Security".  To cancel
your subscription, use a subject of "unsubscribe Security".  To see a list of
other available subscriptions, use a subject of "help".

IBM and AIX are a registered trademark of International Business Machines
Corporation.  All other trademarks are property of their respective holders.
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://www.surfnet.nl/surfnet/security/cert-nl.html
  ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your
local CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet
customer please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 52 87 92 82      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 52 87 92 82      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.

==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQCVAwUBN70blvE6s6q7Tf4RAQEyEQP9HYlancNUKoLN7Ez9ZatWOI7qJ/nxi5+2
fiAvCZZT0JcrCR5Mz/eXNdi3YXnaSjRWPhKqXZN5M0XLdOP87PJKopuyGxni0lkG
F6k2+5IyJBU5yd87EBe6JYiA5uZwdOdD9cDyDrSe9nMOkJUh/7cPUFlK6B/KyckR
TDhK+g/Ko2Y=
=XJX+
-----END PGP SIGNATURE-----