TUCoPS :: Unix :: General
:: netsta~1.txt
IBM Network Station 300s exports /tmp to the world via NFS.
[ http://www.rootshell.com/ ]
Date: 1999年1月29日 21:43:51 PST
From: Ryan McRonald <mcronald@NETSCAPE.NET>
Subject: TROJAN: netstation.navio-comm.rte 1.1.0.1
While configuring some IBM Network Station 300s I noticed that my /tmp
directory had become NFS exported and world read/writeable!! I traced
this to one of the configuration scripts that is included in AIX's
netstation.navio-com.rte 1.1.0.1 used for the Navio NC browser.
>From /usr/netstation/bin/Xnav:
1) Magic number is munged ... pet peeve of mine:
+1 # @(#)93 1.3 src/nav/aix/Xnav.cpp, navio, 41navio110
+2 #!/bin/ksh
+3 #
...
2) This part is somewhat problematic:
...
+98 grep "/tmp" /etc/exports > /dev/null 2>&1
+99 if [ $? -ne 0 ]; then
+100 echo "/tmp" >> /etc/exports
+101 /usr/sbin/exportfs -a
+102 fi
...
The fix:
1) Do you have netstation.navio.comm-rte installed?
# lslpp -l netstation.navio-comm-rte
2) Check if /tmp is exported with:
# exportfs
3) If /tmp is exported run:
# /usr/sbin/rmnfsexp -d /tmp -B
This emphasizes the importance of running a regular "sanity" security
audits such as satan or ISS.
regards from a long-tine bugtraq lurker,
Ryan
Site design & layout copyright © 1986-2025 AOH