===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : CERT-NL (teun nijssen)                  Index  : S-94-05
Distribution  : World                                   Page   : 1
Classification: External                                Version: Final
Subject       : AIX/ESA v2.2 mail queue spooling directory
                                                        Date   : 28-Feb-94
===============================================================================

CERT-NL has received information concerning the default setting of the
mail queue spooling directory in AIX/ESA v2.2 systems. By changing this
default, the vulnerability can be removed.

This vulnerability has only been reported to be present in AIX/ESA v2.2.

-----------------------------------------------------------------------------

I.   Description

     The mail queue spooling directory (/var/spool/mqueue) in AIX/ESA v2.2
     systems has mode 1777 (world writable) as default.

II.  Impact

     This vulnerability allows a local user to gain root access.

III. Solution

     This vulnerability can be removed by changing the mode of
     /var/spool/mqueue by issuing the following commands:

         chgrp mail /var/spool/mqueue
         chmod g+s /var/spool/mqueue
         chmod o-w /var/spool/mqueue

     These commands leave the mail system in working order and close the
     security hole.

---------------------------------------------------------------------------
CERT-NL thanks Harold van Aalderen of SARA for distributing the necessary
information and solution.
---------------------------------------------------------------------------

==============================================================================
CERT-NL is the Computer Emergency Response Team, located in The Netherlands.
CERT-NL is a Full Member of the Forum of Incident Response and Security
Teams (FIRST). The constituency of CERT-NL are the SURFnet connected
institutions.

Past CERT-NL Security Bulletins and other CERT-NL related material can be
found on the anonymous FTP server of SURFnet bv: "ftp.nic.surfnet.nl"
[192.87.46.3], in the directory "surfnet/net-security/cert-nl/docs/bulletin".
This information is also available using email. Send an email saying "help"
to "mailserv@nic.surfnet.nl".

In case of computer or network security problems please contact CERT-NL or
the CERT of your own constituency. Please be aware of the fact that we are
one (when DST is in effect two) hour(s) ahead of Universal Time Coordinated
(i.e. UTC+0100 (UTC+0200)).

Email:     cert-nl@surfnet.nl
Phone:     +31 30 310290
Fax:       +31 30 340903
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members
on request.
==============================================================================
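
Added example (not part of the CERT-NL advisory): a POSIX sh function that
checks whether a directory is in the state the three commands in section III
leave it in: not world writable, set-group-ID bit set, group mail. The name
check_mqueue and its optional GROUP argument are assumptions made for this
example.

```shell
#!/bin/sh
# Added example: audit a mail queue directory against the state that the
# three commands in section III produce. Not CERT-NL or vendor code.

# check_mqueue DIR [GROUP]   (hypothetical helper name)
#   Prints one line per finding. Returns 0 if DIR matches the fixed state,
#   1 if any check fails, 2 if DIR is not a directory.
#   GROUP defaults to "mail", the group used in the advisory.
check_mqueue() {
    dir=$1
    grp=${2:-mail}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # find -prune tests only DIR itself, never its contents.
    # -perm -0002 matches when the other-write bit is set (as in mode 1777).
    if [ -n "$(find "$dir" -prune -perm -0002 -print)" ]; then
        echo "FAIL: $dir is world writable (fix: chmod o-w $dir)"
        rc=1
    fi

    # -perm -2000 matches when the set-group-ID bit is set (chmod g+s).
    if [ -z "$(find "$dir" -prune -perm -2000 -print)" ]; then
        echo "FAIL: $dir lacks the set-group-ID bit (fix: chmod g+s $dir)"
        rc=1
    fi

    # Group ownership must match the group given to chgrp.
    if [ -z "$(find "$dir" -prune -group "$grp" -print 2>/dev/null)" ]; then
        echo "FAIL: $dir is not group $grp (fix: chgrp $grp $dir)"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir matches the advisory's fixed state"
    fi
    return "$rc"
}

# Check the advisory's path with:
#   check_mqueue /var/spool/mqueue
```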