Thank you to all respondants re the above, especially Troy from IBM who
has raised a defect, responded very quickly and has offered a temporary
patch, definatly an excellent responce. The problem seems to be
with the declaration of the port being short rather than unsigned short.
Negative values for -P do not work as a few people suggested.
Security bugs with AIX should be addressed to
[EMAIL PROTECTED]
This, in the experience of myself and others who replied is much faster
method of getting security related problems fixed.
Thanks again,
Brum
On Tue, 26 Oct 1999, Troy A. Bollinger wrote:
> Quoting Brumbles ([EMAIL PROTECTED]):
> >
> > I have tried unsuccessfully to get any response from IBM on the following,
> > apparently unless you have a support contract you cant report bugs..
> > (well.. you can.. "Program Services", but thats a link to /dev/null
> > apparently.)
>
> You can always send new AIX vulnerabilities to the
> [EMAIL PROTECTED] mail address.
>
> > AixLevel AIX4.3.2
> > Packet Filtering Module, in particular the command genfilt does not allow
> > the addition of filters with port numbers greater than 32767
> >
>
> I've opened defect 289790 to address this. It appears to be caused by
> using a "short" instead of an "unsigned short" for the port number.
>
> --
> Troy Bollinger [EMAIL PROTECTED]
> AIX Security Development [EMAIL PROTECTED]
> PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
>
