Date: Thu, 28 Mar 2024 06:54:28 -0400 (EDT) Message-ID: <1040359847.465.1711623268855@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_464_722362464.1711623268853" ------=_Part_464_722362464.1711623268853 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
A complete revision history is at the end of this file.
The Computer Emergency Response Team/Coordination Center (CERT/CC) has r= eceived information concerning a vulnerability in the anonymous FTP configu= ration in all versions of AIX.
IBM is aware of this problem and a fix is available as apar number "ix23= 944". This patch is available for all AIX releases from "GOLD".
IBM customers may call IBM Support (800-237-5511) and ask that the fix b= e shipped to them. Patches may be obtained outside the U.S. by contacting y= our local IBM representative. The fix will appear in the upcoming 2009 upda= te and the next release of AIX.
Previous versions of the anonymous FTP installation script, /usr/lpp/tcp= ip/samples/anon.ftp, incorrectly configured various files and directories.<= /p>
Remote users can execute unauthorized commands and gain access to the sy= stem if anonymous FTP has been installed.
The fix contains three files:
The CERT/CC would like to thank Charles McGuire of the Computer Science = Department, the University of Montana for bringing this security vulnerabil= ity to our attention and IBM for their response to the problem.
Copyright 1992 Carnegie Mellon University.
September 19,1997 Attached copyright statement