Quoting [EMAIL PROTECTED]: > From: "ox" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: rsh bufferoverflow on AIX 4.2 > Date: Tue, 12 Jun 2001 11:40:20 +0800 > Message-ID: <[EMAIL PROTECTED]> > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) > > Hello bugtraq, > > I am sorry if the problem had been found before, that is > bufferoverflow what I found both /usr/bin/rsh and > /usr/lpp/ssp/rcmd/bin/rsh. > Hi, Based on the gdb session you've gave, it appears that this is the same vulnerability as reported to bugtraq back in 1996. It can be fixed by applying one of the following APARs: Abstract: buffer overflow in gethostbyname() 3.2 APAR: IX60927 4.1 APAR: IX61019 4.2 APAR: IX62144 If you have further questions regarding this vulnerability or other AIX security issues, you can reach the AIX security team at: mailto:[EMAIL PROTECTED] -- Troy Bollinger <[EMAIL PROTECTED]> Network Security Analyst PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
