IBM SP2 sdrd Remote File Download

1998-08-05T00:00:00
ID OSVDB:3037
Type osvdb
Reporter OSVDB
Modified 1998-08-05T00:00:00

Description

Vulnerability Description

IBM SP2 contains a flaw in the "sdrd" daemon which allows remote attackers to retrieve arbitrary files on the System Data Repository (SDR) machine. The flaw is due to a lack of authentication in the sdrd daemon when remote users request files. This allows any remote user to request any file from the remote machine, including configuration files, password files, and more.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.


References:

Vendor Specific Solution URL: ftp://aix.software.ibm.com/aix/efixes/security/sdrd.tar.Z
CIAC Advisory: i-079a