|CERT-In Vulnerability Note
tsm format string vulnerability in AIX
Original Issue Date:September 22, 2003
Severity Rating: MEDIUM
- AIX 5.2
- All versions of the bos.rte.security fileset on AIX 5.2 up to and including bos.rte.security.22.214.171.124.
tsm format string vulnerability. A remote or local attacker can gain root privileges by exploiting login, passwd and su command.
Any local or remote user can get the root privileges by exploiting login, su and passwd commands
tsm command provides Terminal State Management. This command invokes the terminal state manager, which controls the ports used in the trusted path.
It also verifies the users accounts and identities. Commands like login, passwd and su utilize the services of tsm. A format string vulnerability allows a remote or a local user to gain root privileges by exploiting the login, su and passwd commands.
This problem can be avoided by setting the pwdprompt attribute to a value in etc/security/login.cfg.
To set this attribute edit the login.cfg file and add pwdprompt to the default stanza.
pwdprompt = "Password: "
or by using the following command:
chsec -f /etc/security/login.cfg -s default -a pwdprompt= "Password: "
This vulnerability can be fixed by downloading the following APAR.
APAR number for AIX 5.2: IY47764
IBM SECURITY ADVISORY: Issued on September 15 09:25:56 CDT 2003
This security advisory can be obtained on the www.ibm.com website by subscribing to
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003