AIX Open Source

  • 1.  sudo error

    Posted Tue July 16, 2024 09:24 AM

    I just updated from AIX 7200-01-01 to 7200-05-07 and I get an error when I run sudo. Lowering the openldap version gets it working, but how do I get sudo working with the version I have?

    # oslevel -s
    7200-05-07-2346

    # rpm -qa | grep sudo
    sudo-1.8.15-2
    bash-4.3# rpm -qa | grep openldap
    openldap-devel-2.4.40-1
    openldap-2.4.44-5

    $ sudo -s
    sudo: error in /etc/sudo.conf, line 0 while loading plugin `sudoers_policy'
    sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so: Symbol resolution failed for /usr/lib/libldap.a(libldap-2.4.so.2) because:
            Symbol strcmp (number 132) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
            Symbol strncpy (number 158) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
            Symbol strcpy (number 166) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
            Symbol strcat (number 178) is not exported from dependent
              module /usr/lib/libcrypto.a(libcrypto.so.1.0.2).
    Could not load module /opt/freeware/libexec/sudo/sudoers.so.
    System error: Exec format error
    Examine .loader section symbols with the 'dump -Tv' command.
    sudo: fatal error, unable to load plugins



    ------------------------------
    NAOKI CHIKAHARA
    ------------------------------



  • 2.  RE: sudo error

    Posted Tue August 06, 2024 02:07 AM

    You have an openldap which is not from Toolbox. That openldap requires a different openssl rpm. I would recommend using the Toolbox openldap rpm.



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: sudo error

    Posted Fri October 11, 2024 02:30 PM

    Good day, 

    I have experienced a similar issue to this after patching LPARs to 7200-05-07-2346 and applying the openssl patch (openssl_fix42) for the vulnerability "AIX is vulnerable to arbitrary code execution (CVE-2024-4741) and denial of service (CVE-2024-5535, CVE-2024-4603) due to OpenSSL".

    I have two LPARs running the same version of sudo and openldap. One works, the other does not when you run 'sudo', 'sudo -l' or 'sudo -s'.

    1st LPAR - Not working: 

    # rpm -qa | grep sudo
    sudo-1.9.15p5-1.ppc
    #  rpm -qa | grep openldap
    openldap-2.5.16-1.ppc

    # sudo -s
    sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
    sudo: unable to load /opt/freeware/libexec/sudo/sudoers.a(sudoers.so):  0509-130 Symbol resolution failed for /opt/freeware/lib/libssl.a(libssl.so.1.1) because:
            0509-136   Symbol SRP_Verify_B_mod_N (number 380) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_check_known_gN_param (number 381) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_get_default_gN (number 382) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_Calc_server_key (number 383) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_Calc_B (number 384) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-136   Symbol SRP_Verify_A_mod_N (number 385) is not exported from
                       dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
            0509-021 Additional errors occurred but are not reported.
            0509-192 Examine .loader section symbols with the
                     'dump -Tv' command.
    sudo: fatal error, unable to load plugins

    # lslpp -L | grep -i openssl
      openssl.base           3.0.13.1000    CE    F    Open Secure Socket Layer
      openssl.license        3.0.13.1000    C     F    Open Secure Socket License
      openssl.man.en_US      3.0.13.1000    C     F    Open Secure Socket Layer

    2nd LPAR - Working 

    # sudo -s
    #

    # rpm -qa | grep sudo
    sudo-1.9.15p5-1.ppc
    #  rpm -qa | grep openldap
    openldap-2.5.16-1.ppc

    # lslpp -L | grep -i openssl
      openssl.base           3.0.13.1000    CE    F    Open Secure Socket Layer
      openssl.license        3.0.13.1000    C     F    Open Secure Socket License
      openssl.man.en_US      3.0.13.1000    C     F    Open Secure Socket Layer

    Any insight would be appreciated.

    Thanks,

    Jon 



    ------------------------------
    Jon Judge
    ------------------------------



  • 4.  RE: sudo error

    Posted Mon October 14, 2024 01:56 AM

    "/opt/freeware/lib/libssl.a" is getting loaded here. Looks like there is an incompatible openssl rpm (or libraries) present on the machine. Please remove the openssl rpm. If the openssl rpm is not installed, then remove /opt/freeware/lib/libssl.a (and /opt/freeware/lib/libcrypto.a), as they might be leftover libraries from an improper uninstallation.



    ------------------------------
    Ayappan P
    ------------------------------
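
The diagnosis in post 4 comes from reading which archive the loader names as the importer and which as the dependent module. The shell function below is an added example, not code from any poster in this thread: it parses loader output in both layouts quoted above and flags pairs whose archives sit in different directories. The function names and the embedded sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AIX loader "Symbol resolution failed" errors.
# Function names and the embedded sample are constructed for illustration.
# Constructed sample: a shortened copy of the error text quoted in post 3.
sample_error() {
cat <<'EOF'
sudo: unable to load /opt/freeware/libexec/sudo/sudoers.a(sudoers.so):  0509-130 Symbol resolution failed for /opt/freeware/lib/libssl.a(libssl.so.1.1) because:
        0509-136   Symbol SRP_Verify_B_mod_N (number 380) is not exported from
                   dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
        0509-136   Symbol SRP_Calc_B (number 384) is not exported from
                   dependent module /usr/lib/libcrypto.a(libcrypto.so.1.1).
EOF
}

# Reads loader output on stdin and prints one line per importer/dependency pair:
#   STATUS importer -> dependency missing=N
# STATUS is MIXED-PREFIX when the two archives live in different directories.
# N is a lower bound: the loader stops listing symbols after a few (0509-021).
check_loader_mix() {
  awk '
    # Directory holding an archive, e.g. /usr/lib for /usr/lib/libcrypto.a(x.so)
    function dir(p) { sub("[(].*$", "", p); sub("/[^/]*$", "", p); return p }
    /Symbol resolution failed for / {
      importer = $0
      sub(/.*Symbol resolution failed for /, "", importer)
      sub(/ because:.*/, "", importer)
    }
    # The "module <path>" text may sit on the next line, split either before
    # or after the word "dependent", so remember that a path is pending.
    /is not exported from/ { pending = 1 }
    pending && index($0, "module /") {
      dep = $0
      sub(/.*module /, "", dep)
      sub(/\.[ \t]*$/, "", dep)
      count[importer SUBSEP dep]++
      pending = 0
    }
    END {
      for (k in count) {
        split(k, part, SUBSEP)
        status = (dir(part[1]) == dir(part[2])) ? "SAME-PREFIX" : "MIXED-PREFIX"
        printf "%s %s -> %s missing=%d\n", status, part[1], part[2], count[k]
      }
    }
  '
}

sample_error | check_loader_mix
```

On an affected host the real error can be piped in with `sudo -l 2>&1 | check_loader_mix`.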