IV42933: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 6100-08

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • TFTP client is setuid root.
    

Local fix

  • chmod u-s /usr/bin/tftp
    

Problem summary

  • When 'nobody' user tries to put /etc/security/passwd to a local
    file it succeeds in loopback mode.
    

Problem conclusion

  • tftp has been fixed to set proper credentials
    now and also privileges in /etc/security/privcmds have been
    modified to prevent extra privileges.
    

Temporary fix

Comments

  • 6100-06 - use AIX APAR IV40221
    6100-07 - use AIX APAR IV42932
    6100-08 - use AIX APAR IV42933
    6100-09 - use AIX APAR IV42299
    6100-09 - use AIX APAR IV42299
    7100-00 - use AIX APAR IV42934
    7100-01 - use AIX APAR IV42700
    7100-02 - use AIX APAR IV42935
    

APAR Information

  • APAR number

    IV42933

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2013-05-21

  • Closed date

    2013-05-21

  • Last modified date

    2013-11-24

  • APAR is sysrouted FROM one or more of the following:

    IV40221

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX 610 STD EDI

  • Fixed component ID

    5765G6200

Applicable component levels

  • R610 PSY U855964

       UP13/08/02 I 1000

PTF to Fileset Mapping



Rate this page:

(0 users)Average rating

Document information


More support for:

AIX Enterprise Edition

Software version:

610

Operating system(s):

AIX

Reference #:

IV42933

Modified date:

2013-11-24

Translate my page

Machine Translation

Content navigation