AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

  • 1.  sudo error

    Posted Tue July 16, 2024 09:24 AM

    I just updated from AIX 7200-01-01 to 7200-05-07 and I get an error when I run sudo. Lowering the openldap version gets it working, but how do I get sudo working with the version I have?

    # oslevel -s
    7200-05-07-2346

    # rpm -qa | grep sudo
    sudo-1.8.15-2
    bash-4.3# rpm -qa | grep openldap
    openldap-devel-2.4.40-1
    openldap-2.4.44-5

    $ sudo -s
    sudo: error in /etc/sudo.conf, line 0 while loading plugin `sudoers_policy'
    sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so: Symbol resolution failed for /usr/lib/libldap.a(libldap-2.4.so.2) because:
            Symbol strcmp (number 132) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
            Symbol strncpy (number 158) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
            Symbol strcpy (number 166) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
            Symbol strcat (number 178) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
    Could not load module /opt/freeware/libexec/sudo/sudoers.so.
    System error: Exec format error
    Examine .loader section symbols with the 'dump -Tv' command.
    sudo: fatal error, unable to load plugins



    ------------------------------
    NAOKI CHIKAHARA
    ------------------------------



  • 2.  RE: sudo error

    Posted Tue August 06, 2024 02:07 AM

    You have an openldap which is not from Toolbox. That openldap requires a different openssl rpm. I would recommend using the Toolbox openldap rpm.



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: sudo error

    Posted Fri October 11, 2024 02:30 PM

    Good day, 

    I have experienced a similar issue to this after patching LPARs to 7200-05-07-2346 and applying the openssl patch (openssl_fix42) for the vulnerability "AIX is vulnerable to arbitrary code execution (CVE-2024-4741) and denial of service (CVE-2024-5535, CVE-2024-4603) due to OpenSSL".

    I have two LPARs running the same version of sudo and openldap. One works, the other does not when you run 'sudo', 'sudo -l' or 'sudo -s'.

    1st LPAR - Not working: 

    # rpm -qa | grep sudo
    sudo-1.9.15p5-1.ppc
    #  rpm -qa | grep openldap
    openldap-2.5.16-1.ppc

    # sudo -s
    sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
    sudo: unable to load /opt/freeware/libexec/sudo/sudoers.a(sudoers.so):  0509-130 Symbol resolution failed for /opt/freeware/lib/libssl.a(libssl.so.1.1) because:
            0509-136   Symbol SRP_Verify_B_mod_N (number 380) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_check_known_gN_param (number 381) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_get_default_gN (number 382) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_Calc_server_key (number 383) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_Calc_B (number 384) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_Verify_A_mod_N (number 385) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-021 Additional errors occurred but are not reported.
            0509-192 Examine .loader section symbols with the
                     'dump -Tv' command.
    sudo: fatal error, unable to load plugins

    # lslpp -L | grep -i openssl
      openssl.base           3.0.13.1000    CE    F    Open Secure Socket Layer
      openssl.license        3.0.13.1000    C     F    Open Secure Socket License
      openssl.man.en_US      3.0.13.1000    C     F    Open Secure Socket Layer

    2nd LPAR - Working 

    # sudo -s
    #

    # rpm -qa | grep sudo
    sudo-1.9.15p5-1.ppc
    #  rpm -qa | grep openldap
    openldap-2.5.16-1.ppc

    # lslpp -L | grep -i openssl
      openssl.base           3.0.13.1000    CE    F    Open Secure Socket Layer
      openssl.license        3.0.13.1000    C     F    Open Secure Socket License
      openssl.man.en_US      3.0.13.1000    C     F    Open Secure Socket Layer

    Any insight would be appreciated.

    thanks, 

    Jon 



    ------------------------------
    Jon Judge
    ------------------------------



  • 4.  RE: sudo error

    Posted Mon October 14, 2024 01:56 AM

    "/opt/freeware/lib/libssl.a" is getting loaded here. Looks like there is an incompatible openssl rpm (or libraries) present on the machine. Please remove the openssl rpm. If the openssl rpm is not installed, then remove /opt/freeware/lib/libssl.a (and /opt/freeware/lib/libcrypto.a), as they might be leftover libraries from an improper uninstallation.



    ------------------------------
    Ayappan P
    ------------------------------
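
The check described in reply 4, as an added example that is not part of the original thread: it pulls the two archives out of a "Symbol resolution failed" message, flags the case where they come from different directories (as in post 3), and asks rpm whether any package owns the first one. The function names are hypothetical and the sample text is an excerpt of the error quoted in post 3.

```shell
#!/bin/sh
# Added example: triage an AIX "Symbol resolution failed" loader error.

# stdin: loader error text; stdout: "<archive that failed> <dependent archive>"
parse_loader_error() {
  awk '
    /Symbol resolution failed for/ {
      s = $0; sub(/.*Symbol resolution failed for /, "", s)
      sub(/\(.*/, "", s); failing = s      # drop "(member) because:"
    }
    /module \/[^ ]*\(/ && dep == "" {      # first "module /path(member)" line
      s = $0; sub(/.*module /, "", s)
      sub(/\(.*/, "", s); dep = s
    }
    END { if (failing != "" && dep != "") print failing, dep }
  '
}

# True when the two archives sit in different directories (mixed library sets).
mixed_prefix() { [ "$(dirname "$1")" != "$(dirname "$2")" ]; }

# Read-only query: which rpm package, if any, owns the file.
rpm_owner() {
  if command -v rpm >/dev/null 2>&1; then
    rpm -qf "$1" 2>/dev/null || echo "$1: not owned by any rpm package"
  else
    echo "rpm not available; cannot check $1"
  fi
}

# stdin: loader error text; prints a one-line verdict plus the ownership check.
triage() {
  set -- $(parse_loader_error)
  [ $# -eq 2 ] || { echo "no loader error recognised"; return 2; }
  if mixed_prefix "$1" "$2"; then
    echo "MIXED: $1 resolves against $2"
    rpm_owner "$1"
  else
    echo "SAME-PREFIX: $1 and $2"
  fi
}

# Excerpt of the error text quoted in post 3.
SAMPLE='sudo: unable to load /opt/freeware/libexec/sudo/sudoers.a(sudoers.so):  0509-130 Symbol resolution failed for /opt/freeware/lib/libssl.a(libssl.so.1.1) because:
        0509-136   Symbol SRP_Verify_B_mod_N (number 380) is not exported from
                   dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).'

printf '%s\n' "$SAMPLE" | triage
```

On an affected host, pipe the real message in with `sudo -l 2>&1 | triage`; a MIXED verdict together with "not owned by any rpm package" corresponds to the leftover-library case in reply 4.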