SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   FTP (Generic)
Vendors:   IBM
IBM AIX 'ftpd' Server May Grant Root Access to Remote Users When Using Kerberos Authentication
SecurityTracker Alert ID:  1006455
SecurityTracker URL:  http://securitytracker.com/id/1006455
CVE Reference:   CVE-2003-0170
Date:  Apr 3 2003
Impact:   Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   An authentication vulnerability was reported in IBM's 'ftpd' FTP server daemon for the AIX operating system. A remote user could gain root access on the system if Kerberos 5 is used for authentication.

IBM reported that ftpd does not correctly authenticate a remote user when Kerberos 5 is the configured authentication mechanism. The server also reportedly fails to put the user into their home directory on the FTP server. A remote user can gain root access on the system.

The report indicates that systems that use the standard operating system authentication or DCE authentication methods are not affected.

The 'ftpd' daemon reportedly runs by default.

IBM indicates that this is a flaw in the FTP server itself and does not represent a flaw in Kerberos.

The flaw was reportedly discovered internally by IBM.

Impact:   A remote user could gain root access on the target server.
Solution:   The vendor has released the following fix:

APAR number for AIX 5.2.0: IY42424 (currently available)

The fix can be ordered using Electronic Fix Distribution (http://techsupport.services.ibm.com/rs6k/fixes.html) and can be downloaded from:

http://techsupport.services.ibm.com/server/aix.fdc

Vendor URL:  techsupport.services.ibm.com/server/aix.fixdist?fixes=IY42424&whichFix=APAR
Cause:   Authentication error
Underlying OS:  UNIX (AIX)
Underlying OS Comments:  5.2

Message History:   None.
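
A triage check for the conditions described above (AIX 5.2, ftpd enabled, Kerberos 5 configured, APAR IY42424 not installed). This is an added example, not IBM's or SecurityTracker's code. It assumes the output formats of `oslevel`, `lsauthent` and `instfix -ik`, that ftpd is started from /etc/inetd.conf, and that `lsauthent` reflects the method ftpd uses; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not IBM's tooling. Functions take command output as text
# so the decision logic can be checked off-box with constructed samples.
APAR=IY42424   # APAR number from the advisory

is_aix52()        { case "$1" in 5.2.*) return 0 ;; *) return 1 ;; esac; }
# An uncommented "ftp" service entry in inetd.conf means ftpd is reachable.
ftpd_enabled()    { printf '%s\n' "$1" | grep -Eq '^[[:space:]]*ftp[[:space:]]'; }
# Assumption: lsauthent prints one method per line, e.g. "Kerberos 5".
krb5_configured() { printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*Kerberos[[:space:]]*5[[:space:]]*$'; }
# Assumption: instfix -ik reports "All filesets for <APAR> were found."
apar_installed()  { printf '%s\n' "$1" | grep -q "All filesets for $APAR were found"; }

# assess OSLEVEL INETD_CONF LSAUTHENT INSTFIX -> prints one verdict word
assess() {
    is_aix52 "$1"        || { echo RELEASE_NOT_LISTED; return 0; }
    apar_installed "$4"  && { echo PATCHED; return 0; }
    ftpd_enabled "$2"    || { echo UNPATCHED_FTPD_OFF; return 0; }
    krb5_configured "$3" || { echo UNPATCHED_KRB5_NOT_USED; return 0; }
    echo EXPOSED
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_INETD='#telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd  ftpd'
SAMPLE_AUTH='Kerberos 5
Standard Aix'
SAMPLE_NOFIX='There was no data for IY42424 in the fix database.'

if command -v oslevel >/dev/null 2>&1 && command -v lsauthent >/dev/null 2>&1; then
    # On AIX: evaluate the live system.
    assess "$(oslevel)" "$(cat /etc/inetd.conf)" "$(lsauthent)" "$(instfix -ik "$APAR" 2>&1)"
else
    # Elsewhere: walk the constructed samples.
    assess 5.2.0.0 "$SAMPLE_INETD" "$SAMPLE_AUTH" "$SAMPLE_NOFIX"
fi
```

Only EXPOSED matches every condition the advisory gives; the two UNPATCHED verdicts mark hosts that become exposed if ftpd is re-enabled or Kerberos 5 is later configured.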


 Source Message Contents

Subject:  IBM AIX ftpd Advisory


------BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Thu Mar 27 13:14:45 CST 2003

===========================================================================
                          VULNERABILITY SUMMARY

VULNERABILITY:      ftpd does not correctly authenticate a user.

PLATFORMS:          AIX 5.2

SOLUTION:           Apply the APAR as described below.

THREAT:             A remote attacker can gain root privileges if
                   authenticating using Kerberos 5.

CVE Number:         CAN-2003-0170
===========================================================================
                          DETAILED INFORMATION


I.  Description
===============

ftpd (File Transfer Protocol Daemon) allows users to transfer files between
a host machine and a client using the File Transfer Protocol. A vulnerability
has been discovered that allows a remote user to gain root privileges only
if ftpd is configured to use native Kerberos 5 as its authentication method.
Note that this vulnerability does not affect users who use the standard
operating system method or DCE to authenticate.

ftpd runs on AIX 5.2 by default.

Please note that this vulnerability does not exploit any issues in
Kerberos 5.

II. Impact
==========

A remote attacker can gain root privileges.

This issue was discovered internally. At this time, there are no known
exploits in the wild.


III.  Solutions
===============

A. Official Fix
IBM provides the following fixes:

     APAR number for AIX 5.2.0: IY42424 (currently available)


IV. Obtaining Fixes
===================

IBM AIX APARs may be ordered using Electronic Fix Distribution (via the
FixDist program), or from the IBM Support Center.  For more information
on FixDist, and to obtain fixes via the Internet, please reference

       http://techsupport.services.ibm.com/rs6k/fixes.html

or send email to "aixserv@austin.ibm.com" with the word "FixDist" in the
"Subject:" line.

AIX APARs may also be downloaded from the web from the following URLs.

For 5.2.0 APARs:
         http://techsupport.services.ibm.com/server/aix.fdc

To facilitate ease of ordering all security related APARs for each AIX
release, security fixes are periodically bundled into a cumulative APAR.
For more information on these cumulative APARs including last update and
list of individual fixes, send email to "aixserv@austin.ibm.com" with
the word "subscribe Security_APARs" in the "Subject:" line.


V. Acknowledgments
==================

This document was written by Shiva Persaud.


VI.  Contact Information
========================

Comments regarding the content of this announcement can be directed to:

  security-alert@austin.ibm.com

To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to security-alert@austin.ibm.com
with a subject of "get key".

If you would like to subscribe to the AIX security newsletter, send a
note to aixserv@austin.ibm.com with a subject of "subscribe Security".
To cancel your subscription, use a subject of "unsubscribe Security".
To see a list of other available subscriptions, use a subject of
"help".

Please contact your local IBM AIX support center for any assistance.

IBM and AIX are a registered trademark of International Business
Machines Corporation.  All other trademarks are property of their
respective holders.
------BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (AIX)

iD8DBQE+iwxkcnMXzUg7txIRAhrqAKCcv6/EYE5ELEUIc7unIpu7JT3vKgCcCQWi
9qpG69XCPaRoajgclav4SGg=
=gtCV
------END PGP SIGNATURE-----


 
 



Copyright 2019, SecurityGlobal.net LLC