TUCoPS :: Unix :: Various Flavours :: netstat.htm

Netstat - unprivileged users can clear netstat statistics!
Vulnerability

    netstat

Affected

    AIX 4.x.x

Description

    Alex Medvedev  found following.   aix versions  4.x.x will  let  a
    non-priveledged user clear the network interface statistics,  thus
    annoying  system  administrators  and  interfering with the system
    scripts that depend on those numbers.

        $ netstat -in --> shows stats
        $ netstat -Zi --> clears them without checking the uid

Solution

    The fix  for this  problem is  still in  the testing  phase.  When
    released, customers can order the following APAR:

        4.3.x APAR: IY12147

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH