Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: Various Flavours :: cert0034.txt

IBM AIX TFTP Daemon vulnerability





-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
CA-91:19                        CERT Advisory
                              October 17, 1991
                        AIX TFTP Daemon Vulnerability

- ---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability in the TFTP daemon in
all versions of AIX for IBM RS/6000 machines.

IBM is aware of this problem and a fix is available as apar number "ix22628".
This patch is available for all AIX releases from "GOLD" to the current
release.

NOTE: THIS IS AN UPDATED PATCH FROM ONE RECENTLY MADE AVAILABLE and fixes
a security hole in the original patch.  The SCCS id of the correct patch
is tftpd.c 1.13.1.3 (*not* 1.13.1.2 or earlier versions).  This can be 
checked using the following "what" command.

    % what /etc/tftpd
    /etc/tftpd:
       56      1.13.1.3  tftpd.c, tcpip, tcpip312 10/10/91 09:01:48
       tftpsubs.c      1.2  com/sockcmd/tftpd,3.1.2,9048312 10/8/89 17:40:55

IBM customers may call IBM Support (800-237-5511) and ask that the fix
be shipped to them.  The fix will appear in the upcoming 2009 update
and the next release of AIX.

- ---------------------------------------------------------------------------

I.   Description

     Previous versions of tftpd did not provide a method for restricting 
     TFTP access.

II.  Impact

     If TFTP is enabled at your site, anyone on the Internet can retrieve
     copies of your site's world-readable files, such as /etc/passwd.

III. Solution
        
     A. Sites that do not need to allow tftp access should disable it.
	This can be done by editing /etc/inetd.conf and deleting or
	commenting out the tftpd line:

	#tftp     dgram     udp    wait    nobody  /etc/tftpd     tftpd -n

	and then, as root, restarting inetd with the "refresh" command.

	    # refresh -s inetd

	For more details on starting/stopping tftp, refer to documentation
	for the System Resource Controller (SRC) or the System Management
	Interface Tool (SMIT).

     B. Sites that must run tftpd (for example, to support X terminals)
	should obtain and install the above patch AND create a
	/etc/tftpaccess.ctl file to restrict the files that are accessible.
        The /etc/tftpaccess.ctl file should be writable only by root.
	Although the new /etc/tftpaccess.ctl mechanism provides a very general
	capability, the CERT/CC strongly recommends that sites keep this
	control file simple.  For example, the following tftpaccess.ctl file
	is all that is necessary to support IBM X terminals:

	# /etc/tftpaccess.ctl
	# By default, all files are restricted if /etc/tftpaccess.ctl exists.
	# Allow access to X terminal files.
	allow:/usr/lpp/x_st_mgr/bin

	NOTE: Be CERTAIN to create the /etc/tftpaccess.ctl file.
	If it does not exist then all world-readable files are accessible
	as in the current version of tftpd.

        Installation Instructions:

        1.  Create an appropriate /etc/tftpaccess.ctl file.

        2.  From the directory containing the new tftpd module, issue
            the following commands as root.
        
            # chmod 644 /etc/tftpaccess.ctl
            # chown root.system /etc/tftpaccess.ctl
	    # mv /etc/tftpd /etc/tftpd.old
	    # cp tftpd /etc
	    # chmod 755 /etc/tftpd
	    # chown root.system /etc/tftpd
	    # refresh -s inetd

- ---------------------------------------------------------------------------
The CERT/CC wishes to thank Karl Swartz of the Stanford Linear Accelerator
Center for bringing this vulnerability to our attention.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST/EDT,
           on call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.org (192.88.209.5) system.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMwznVP+x0t4w7BAQERFgP/bGMGTnf/Kkcd80VfEyzDm1LpJcskHDin
W+OqqbUrX/SZ1CNpjh/Yp395fZy4jAZKzVzYxIKhML0XHdAGYWsSBKQmZUhW6fkB
sXKlbi2P0jFqVzfMuIuzuT+3p+6REm432PNOpJVndrd361SdgS6qtlmLjmwt0dCU
e5JKsJUtjcU=
=yuEL
-----END PGP SIGNATURE-----



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH