Archive for February, 2008
AIX 5.3 5300-07 Service Pack 2 Released
Monday, February 11th, 2008
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4112
What is AIX 5300-07-02
Service Packs contain important fixes delivered between Technology Levels. 5300-07-02 is Service Pack 2 for the 5300-07 Technology Level.
How to Obtain AIX 5300-07-02
AIX 5300-07 Service Pack 2 may be obtained from the Fix packs section of the Fix Central web site, or by ordering APAR IZ12316.
Installation Tips
You must have root authority to perform the installation.
Creating a system backup is recommended before starting the installation procedure. Refer to the mksysb command in the AIX 5.3 Commands Reference manual for additional information.
The latest AIX 5.3 installation hints and tips are available from the IBM Subscription Service.
These tips contain important information that should be reviewed prior to installation.
Installation
To install all updates from this package that apply to installed filesets on your system, use the command:
smit update_all
A system reboot is required after the installation completes successfully.
To determine if the 5300-07 Service Pack 2 is installed, use the command:
oslevel -s
The output should indicate 5300-07-02-0806.
AIX OpenSSH creates trusted X11 cookie instead of untrusted
Wednesday, February 6th, 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: Tue Feb 5 14:00:03 CST 2008
===============================================================================
VULNERABILITY SUMMARY
VULNERABILITY: AIX OpenSSH creates trusted X11 cookie instead of untrusted
PLATFORMS: AIX 5.2, 5.3, 6.1
SOLUTION: Apply the fix or workaround as described below.
THREAT: Privilege elevation
CERT VU Number: n/a
CVE Number: CVE-2007-4752
===============================================================================
DETAILED INFORMATION
I. DESCRIPTION
OpenSSH could allow a remote attacker to gain elevated
privileges. Trusted X11 cookies are created when untrusted cookies
cannot be created, which could allow an attacker to bypass
security restrictions and gain elevated privileges using an
untrusted X client.
II. PLATFORM VULNERABILITY ASSESSMENT
To determine if your system is vulnerable, execute the following
command:
lslpp -L openssh.base.server
The following fileset levels are vulnerable:
AIX 6.1: all versions less than or equal to 4.5.0.5301
AIX 5.3: all versions less than or equal to 4.5.0.5301
AIX 5.2: all versions less than or equal to 4.5.0.5201
III. FIXES
A fix is available for AIX 6.1 and 5.3. The fix can be downloaded
from:
http://downloads.sourceforge.net/openssh-aix/openssh-4.5p1-r2.tar.Z
A fix for AIX 5.2 is not yet available. Please check this site
for updates:
http://sourceforge.net/projects/openssh-aix
IV. WORKAROUNDS
There are no workarounds.
V. CONTACT INFORMATION
If you would like to receive AIX Security Advisories via email,
please visit:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd
Comments regarding the content of this announcement can be
directed to:
security-alert@austin.ibm.com
To request the PGP public key that can be used to communicate
securely with the AIX Security Team you can either:
A. Send an email with “get key” in the subject line to:
security-alert@austin.ibm.com
B. Download the key from a PGP Public Key Server. The key ID is:
0xA6A36CCC
Please contact your local IBM AIX support center for any
assistance.
eServer is a trademark of International Business Machines
Corporation. IBM, AIX and pSeries are registered trademarks of
International Business Machines Corporation. All other trademarks
are property of their respective holders.
VI. ACKNOWLEDGMENTS
This security vulnerability in OpenSSH was found and fixed by Jan
Pechanec.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)
iD8DBQFHqNr+8lficKajbMwRAv6SAJ933urcZNdzrPbM6/e+gLOXSyYNaACgieDO
6c+5H9mrC+XvWAjO4aDFXdY=
=yE8j
-----END PGP SIGNATURE-----
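Added example, not part of the IBM advisory or the original post: a shell version of the section II check that reads `lslpp -L openssh.base.server` output and compares the installed level against the advisory's thresholds. The function names and the sample lslpp output are constructed for illustration, and the AIX release (5.2, 5.3 or 6.1) is passed in as an argument.

```shell
#!/bin/sh
# Thresholds: the "less than or equal to" levels in section II of the advisory.
max_vulnerable_level() {
    case "$1" in
        6.1|5.3) echo "4.5.0.5301" ;;
        5.2)     echo "4.5.0.5201" ;;
        *)       return 1 ;;   # release not covered by the advisory
    esac
}

# level_le A B: succeed when dotted level A <= B, comparing each field as a number
# (a plain string compare would rank 4.10.x below 4.5.x).
level_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# fileset_level: read lslpp -L output on stdin, print the Level column of the fileset.
fileset_level() {
    awk '$1 == "openssh.base.server" { print $2; exit }'
}

# check_openssh RELEASE: read lslpp -L output on stdin and print one verdict line.
check_openssh() {
    max=$(max_vulnerable_level "$1") || { echo "UNKNOWN"; return 0; }
    level=$(fileset_level)
    [ -n "$level" ] || { echo "NOT_INSTALLED"; return 0; }
    if level_le "$level" "$max"; then echo "VULNERABLE $level"
    else echo "OK $level"; fi
}

# Constructed sample of lslpp -L output (not captured from a real host).
SAMPLE='  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  openssh.base.server      4.5.0.5301    C     F    Open Secure Shell Server'

# On an AIX host: lslpp -L openssh.base.server | check_openssh 5.3
printf '%s\n' "$SAMPLE" | check_openssh 5.3
```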
Redbook: PowerVM Virtualization on IBM System p Managing and Monitoring
Friday, February 1st, 2008
Interesting redbook released on ‘PowerVM’. This is the first I’ve heard of it, must be some marketing tactics. I hate marketing. =]
http://www.redbooks.ibm.com/redpieces/abstracts/sg247590.html
‘PowerVM™ is a combination of hardware and software that supports and manages the virtual environments on POWER5™, POWER5+™ and POWER6™ systems. It can help simplify and optimize your IT infrastructure.’
Chapter 1. Overview
Part 1. PowerVM virtualization management
Chapter 2. Virtual storage management
Chapter 3. Virtual network management
Chapter 4. Virtual I/O Server security
Chapter 5. Virtual I/O Server maintenance
Chapter 6. Dynamic operations
Chapter 7. PowerVM Live Partition Mobility
Chapter 8. System Planning Tool
Chapter 9. Automated management
Chapter 10. High level management
Part 2. PowerVM virtualization monitoring
Chapter 11. Monitoring global system resources allocations
Chapter 12. Monitoring commands on the Virtual I/O Server
Chapter 13. CPU monitoring
Chapter 14. Memory monitoring
Chapter 15. Virtual storage monitoring
Chapter 16. Virtual network monitoring
Chapter 17. AIX performance workbench
Chapter 18. Linux monitoring and useful third party tools
Chapter 19. Virtual I/O Server integration to IBM Tivoli
Appendix A. mkldap manual page
Appendix B. Example script for disc recovery on the AIX virtual client
