AIX Security Team identifies vulnerabilities being used to deface AIX boxes

Over the last few days, the IBM AIX Security Team has become aware of a hacker group that has been targeting systems running the AIX operating system, breaking into these systems, and defacing web sites on those systems. The tools being used to accomplish the breakins appear to be those principally written by a Polish hacking crew using the name "Last Stages of Delirium". Similar tools that take advantage of the same vulnerabilities are available from elsewhere, too.

The AIX Security Team have researched as many as we have been aware of software tools that are being used to see if any of the vulnerabilities have or have not been closed under AIX. So far, they have determined that of all the vulnerabilties these tools exploit have been fixed by IBM, dating back to 1996. APARs for all of the vulnerabilities have been available to customers...

IBM AIX Security Notification

Wed, 22 August 2001, 13:50:04 CDT

1. chatmpvc, mkatmpvc, rmatmpvc 4.3, APAR #IY08128
4.2, APAR #IY08288

2. digest 4.3, APAR #IX74599
4.2, APAR #IX76272
4.1, APAR #IX74457

3. dtaction 4.3, APAR #IY02944

4. dtprintinfo 4.3, APAR #IY06367
4.2, APAR #IY06547

5. ftpd 4.3, APAR #IY04477
4.2, APAR #IX85556
4.1, APAR #IX85555

6. nslookup 4.3, APAR #IY02120
4.3, APAR #IX9909

7. pdnsd Associated product out of service;
Customers avised to disable
and/or uninstall.

8. rpc.ttdbserverd 4.3, APAR #IX81442
4.2, APAR #IX81441

9. piobe, piomkapqd 4.3, APAR #IY12638

10. portmir 4.3, APAR #IY07832

11. sdrd SP systems only;
4.3, APAR #IX80724

12. setsenv 4.3, APAR #IY08812

13. telnetd E-fix available;
4.3, IY22029
5.1, IY22021

Affected customers are urged to upgrade the level of their AIX operating
systems and/or apply the APARs listed above to protect their systems.