|
AIX Multiple Privilege Escalation Vulnerabilities
|
|
Secunia Advisory:
|
SA11158
|
|
|
Release Date:
|
2004-03-22
|
|
Last Update:
|
2004-04-29
|
|
Popularity:
|
8,967 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | AIX 4.x
AIX 5.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Watercloud has reported some vulnerabilities in AIX, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.
1) A boundary error exists within the "make" utility when handling the argument for the "CC" option, which is used for specifying the compiler that should be used for C compilations. This can be exploited to cause a buffer overflow by supplying an overly long string.
Successful exploitation may grant a malicious, local user "root" group privileges, since the "make" utility reportedly is installed sgid "root" on early versions of AIX 4.3.3.
2+3) Boundary errors exist within the "getlvcb" and "putlvcb" utilities when handling command line options. This can be exploited to cause a buffer overflow by passing an overly long command line option to either of the utilities.
Successful exploitation may grant "root" user privileges to a malicious, local user but requires that the user already has "root" group privileges (e.g. by exploiting the first vulnerability).
According to the vendor, these two vulnerabilities only affect AIX 5.1 and 5.2. However, they were originally reported in version 4.3.2.
4) Certain LVM commands create temporary files insecurely, which can be exploited via symlink attacks to create and overwrite arbitrary files.
According to the vendor, this vulnerability only affects AIX 5.1 and 5.2.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
20th Nov, 2009
|
New advisories:
|
9 |
|
New vulnerabilities:
|
25 |
|
Updated advisories:
|
10 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
19th Nov, 2009
|
New advisories:
|
23 |
|
New vulnerabilities:
|
35 |
|
Updated advisories:
|
29 |
|
|
|
|
 Solutions | More...
|
|
