Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by local attackers to gain elevated privileges.
The first issue is caused by a buffer overflow error in the setuid root program "/usr/sbin/ndp", which could allow malicious users to execute arbitrary code with elevated privileges.
The second vulnerability is caused by a buffer overflow error in the privileged command "/usr/sbin/autoconf6", which could allow malicious users to gain elevated privileges if RBAC (role based access control) is in use and a user has the "aix.network.config.tcpip" authorization.
The third issue is caused by a design error in the privileged command "/usr/bin/enq", which could remove any file on the system if a print queue is defined in "/etc/qconfig".
The fourth vulnerability is caused by an unspecified error in the privileged command "/usr/bin/crontab", which could be exploited by a user who has the "aix.system.config.cron" authorization to gain elevated privileges.
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
