Original issue date: October 17, 1991<Br>
Last revised: September 18, 1997<BR>
Attached copyright statement
<P>A complete revision history is at the end of this file.
<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability in the TFTP daemon in
all versions of AIX for IBM RS/6000 machines.
<P>IBM is aware of this problem and a fix is available as apar number "ix22628".
This patch is available for all AIX releases from "GOLD" to the current
release.
<P>NOTE: THIS IS AN UPDATED PATCH FROM ONE RECENTLY MADE AVAILABLE and fixes
a security hole in the original patch. The SCCS id of the correct patch
is tftpd.c 1.13.1.3 (*not* 1.13.1.2 or earlier versions). This can be
checked using the following "what" command.
<PRE>
% what /etc/tftpd
/etc/tftpd:
56 1.13.1.3 tftpd.c, tcpip, tcpip312 10/10/91 09:01:48
tftpsubs.c 1.2 com/sockcmd/tftpd,3.1.2,9048312 10/8/89 17:40:55
</PRE>
IBM customers may call IBM Support (800-237-5511) and ask that the fix
be shipped to them. The fix will appear in the upcoming 2009 update
and the next release of AIX.
<P>
<HR>
<H2>I. Description</H2>
Previous versions of tftpd did not provide a method for restricting
TFTP access.
<H2>II. Impact</H2>
If TFTP is enabled at your site, anyone on the Internet can retrieve
copies of your site's world-readable files, such as /etc/passwd.
<H2>III. Solution</H2>
<H3>A. Sites that do not need to allow tftp access should disable it.</H3>
This can be done by editing /etc/inetd.conf and deleting or
commenting out the tftpd line:
<PRE>
#tftp dgram udp wait nobody /etc/tftpd tftpd -n
</PRE>
and then, as root, restarting inetd with the "refresh" command.
<PRE>
# refresh -s inetd
</PRE>
For more details on starting/stopping tftp, refer to documentation
for the System Resource Controller (SRC) or the System Management
Interface Tool (SMIT).
<H3>B. Sites that must run tftpd (for example, to support X terminals) should obtain and install the above patch AND create a /etc/tftpaccess.ctl file to restrict the files that are accessible.</H3>
The /etc/tftpaccess.ctl file should be writable only by root.
Although the new /etc/tftpaccess.ctl mechanism provides a very general
capability, the CERT/CC strongly recommends that sites keep this
control file simple. For example, the following tftpaccess.ctl file
is all that is necessary to support IBM X terminals:
<PRE>
# /etc/tftpaccess.ctl
# By default, all files are restricted if /etc/tftpaccess.ctl exists.
# Allow access to X terminal files.
allow:/usr/lpp/x_st_mgr/bin
</PRE>
NOTE: Be CERTAIN to create the /etc/tftpaccess.ctl file.<BR>
If it does not exist then all world-readable files are accessible
as in the current version of tftpd.
<P>Installation Instructions:
<OL>
<H4><LI> Create an appropriate /etc/tftpaccess.ctl file.</H4>
<P>
<H4><LI> From the directory containing the new tftpd module, issue the following commands as root.</H4>
<PRE>
# chmod 644 /etc/tftpaccess.ctl
# chown root.system /etc/tftpaccess.ctl
# mv /etc/tftpd /etc/tftpd.old
# cp tftpd /etc
# chmod 755 /etc/tftpd
# chown root.system /etc/tftpd
# refresh -s inetd
</PRE>
</OL>
<HR>
<P>The CERT/CC wishes to thank Karl Swartz of the Stanford Linear Accelerator
Center for bringing this vulnerability to our attention.
<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1991 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
September 18,1997 Attached Copyright Statement
</PRE> |