A fix is available
APAR status
Closed as program error.
Error description
The viosecure hls_disrmtcmds rule should disable the rlogin, rsh, rcp and tftp commands by setting the permissions to 000. After applying this rule the permissions for the tftp commands are not changed. $ viosecure -level high -apply -rule hls_disrmtcmds $ ls -l /usr/bin/tftp -r-sr-xr-x 3 root system 39000 Sep 23 2009 /usr/bin/tftp $ ls -l /usr/bin/utftp -r-sr-xr-x 3 root system 39000 Sep 23 2009 /usr/bin/utftp
Local fix
Problem summary
tftp command privileges are not removed with aixpert high level/medium level settings. tftp command shouldn't work when system is operated in secure environment.
Problem conclusion
Change tftp command permissions when high level/medium level settings are enabled with aixpert.
Temporary fix
Comments
5300-11 - use AIX APAR IZ82234 5300-12 - use AIX APAR IZ81799 6100-03 - use AIX APAR IZ93987 6100-04 - use AIX APAR IZ80864 6100-05 - use AIX APAR IZ93475 6100-06 - use AIX APAR IZ93059 6100-06 - use AIX APAR IZ81141 7100-00 - use AIX APAR IZ82111
APAR Information
APAR number
IZ82234
Reported component name
AIX 5.3
Reported component ID
5765G0300
Reported release
530
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2010-08-09
Closed date
2010-08-09
Last modified date
2013-04-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 5.3
Fixed component ID
5765G0300
Applicable component levels
R530 PSY U837664
UP10/09/20 I 1000
PTF to Fileset Mapping
U837664 bos.aixpert.cmds 5.3.11.4
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11P","label":"APARs - AIX 5.3 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
17 April 2013