IBM ctstrtcasd file overwrite

ctstrtcasd-file-overwrite (17514) The risk level is classified as Low Risk

Description:

ctstrtcasd could allow a local attacker to corrupt arbitrary files on the system. By specifying the -f option, a local attacker could insert 65,636 bytes of application trace data to overwrite existing files on the system with root privileges, or to create files that do not already exist. A local attacker could exploit this vulnerability to cause a denial of service by damaging the system or by consuming all available hard disk space.

Platforms Affected:

  • IBM, AIX 5.2
  • IBM, AIX 5.3

Remedy:

For IBM AIX 5.2:
No remedy available as of September 2004.

For IBM AIX 5.3:
Apply APAR IY61770 patch, available from the IBM Technical Support Web site. See References.

For Tivoli System Automation for Linux 1.1:
Apply the workaround as listed in IBM Managed Security Services Outside Advisory Redistribution MSS-OAR-E01-2004:1480.1. See References.

For IBM Tivoli System Automation for Multiplatforms 1.2:
Apply the workaround as listed in IBM Managed Security Services Outside Advisory Redistribution MSS-OAR-E01-2004:1480.1. See References.

For CSM PTF 1.4.0.3:
No remedy available as of September 2004.

For HMC PTF U800398 for HMC Version Release 3.0, 3.1, and 3.2:
No remedy available as of September 2004.

For HMC PTF MH00148 for HMC Version 4 Release 1.0 and 2.0:
No remedy available as of September 2004.

For General Parallel File System (GPFS):
No remedy available as of September 2004.

Consequences:

Denial of Service

References:

Reported:

Sep 27, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
