|
|
>> IBM AIX Utilities Arguments Handling Privilege Escalation Vulnerabilities
|
Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by local attackers to obtain elevated privileges. These issues are caused by buffer overflow and insecure file permissions within the "bellmail", "crontab", "dig", "ftp", "lquerypv", "lqueryvg", "swcons", "tftp" and "xfs" utilities when processing user-supplied arguments, which could be exploited by malicious users to execute arbitrary code with "root" privileges.
Affected Products
IBM AIX 5.2
IBM AIX 5.3
Solution
Apply interim fixes :
ftp://aix.software.ibm.com/aix/efixes/security/bellmail_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/crontab_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/ftp_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/lquerypv_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/lqueryvg_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/tftp_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/xfs_ifix.tar
IBM AIX 5.2.0 - Apply APARs IZ05066, IZ04832, IZ05017, IZ05487, IZ05877, IZ05349, IZ03055, IZ03054 and IZ06001.
IBM AIX 5.3.0 - Apply APARs IZ05065 (available approx. 11/27/2007), IZ05488 (available approx. 11/27/2007), IZ05971 (available approx. 11/27/2007), IZ05129 (available approx. 11/27/2007), IZ03061, IZ03060, and IZ06648 (available approx. 11/27/2007).
References
http://www.vupen.com/english/advisories/2007/3669
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=1&heading=AIX52&topic=SECURITY&month=200710
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=617
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=616
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=615
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=614
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=612
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
Credits
Vulnerabilities reported by the vendor, Joshua J. Drake (VeriSign iDefense Labs), Sean Larsson (VeriSign iDefense Labs) and Alex DeLarge.
ChangeLog
2007-10-31 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
