From: Dave Wootton <dwootton@us...> - 2004-10-08 17:37:18
The following security advisory is applicable to any DPCL installation
configured to use the cluster security services model, as specified in the
/usr/lpp/ppe.dpcl/etc/dpcl.config file for AIX or the
/opt/dpcl/etc/dpcl.config file for Linux.
A vulnerability was discovered in the IBM Reliable Scalable Cluster
Technology (RSCT) program /usr/sbin/rsct/bin/ctstrtcasd. RSCT versions
184.108.40.206 and greater are affected, for both AIX and Linux (on pSeries,
xSeries, iSeries, and zSeries). The vulnerability permits non-privileged
users to create files or overwrite arbitrary system files anywhere in the
file system. This could lead to data destruction or a denial of service.
Any host with an affected version of RSCT installed is vulnerable.
A pSeries advisory/bulletin on this issue is available at:
-Each link loads the same bulletin. The bulletin covers AIX and Linux for
RSCT on pSeries, iSeries, xSeries, and zSeries.
-Viewing pSeries security advisories/bulletins requires an IBM ID. If you
do not have an IBM ID, the links above will load a page that contains a
link to IBM ID information.