VUPEN Security - IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities

Title : IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2008-0865
CVE ID : CVE-2008-1593 - CVE-2008-1594 - CVE-2008-1595 - CVE-2008-1596 - CVE-2008-1597 - CVE-2008-1598 - CVE-2008-1599 - CVE-2008-1600 - CVE-2008-1601
Rated as : Moderate Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-03-12

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by local attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or obtain elevated privileges.

The first issue is caused by an error when restarting a 64-bit process via the checkpoint, which could cause the restart feature to gain read and write access to certain areas of kernel memory, resulting in execution of arbitrary code.

The second vulnerability is caused by an error when a single node reduces the size of a JFS2 filesystem residing on a concurrent volume group, which could cause remote nodes of the concurrent volume group to crash, resulting in a denial of service.

The third vulnerability is caused by an error in the proc filesystem that does not enforce directory access controls correctly when the permission on a directory is more restrictive than permission on the currently executing file in that directory, which could be exploited to gain knowledge of sensitive information.

The fourth issue is caused by an error in Trusted Execution that fails to protect files when the modifications are made via hard links, which could be exploited by malicious users to manipulate certain data.

The fifth vulnerability is caused by unspecified errors in certain WPAR specific system calls, which could cause a denial of service.

The sixth issue is caused by an error when running ProbeVue, which could be exploited by authorized users to read from any kernel memory address.

The seventh vulnerability is caused by errors in the nddstat family of commands ("/usr/sbin/atmstat", "/usr/sbin/entstat", "/usr/sbin/fddistat","/usr/sbin/hdlcstat" and "/usr/sbin/tokstat") when handling environment variables, which could be exploited by local attackers to execute arbitrary code with "root" privileges".

The eighth issue is caused by an error in the "/usr/sbin/lsmcode" command when handling environment variables, which could be exploited by local attackers to execute arbitrary code with "root" privileges".

The ninth vulnerability is caused by a buffer overflow error in the "/usr/sbin/reboot" command when processing malformed arguments, which could allow a local attacker in the shutdown group to execute arbitrary code with "root" privileges.

Affected Products

IBM AIX 5.2.0
IBM AIX 5.3.0
IBM AIX 5.3.7
IBM AIX 6.1.0

Solution

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations