Secunia

Watercloud has reported some vulnerabilities in AIX, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.

1) A boundary error exists within the "make" utility when handling the argument for the "CC" option, which is used for specifying the compiler that should be used for C compilations. This can be exploited to cause a buffer overflow by supplying an overly long string.

Successful exploitation may grant a malicious, local user "root" group privileges, since the "make" utility reportedly is installed sgid "root" on early versions of AIX 4.3.3.

2+3) Boundary errors exist within the "getlvcb" and "putlvcb" utilities when handling command line options. This can be exploited to cause a buffer overflow by passing an overly long command line option to either of the utilities.

Successful exploitation may grant "root" user privileges to a malicious, local user but requires that the user already has "root" group privileges (e.g. by exploiting the first vulnerability).

According to the vendor, these two vulnerabilities only affect AIX 5.1 and 5.2. However, they were originally reported in version 4.3.2.

4) Certain LVM commands create temporary files insecurely, which can be exploited via symlink attacks to create and overwrite arbitrary files.

According to the vendor, this vulnerability only affects AIX 5.1 and 5.2.

Solution
IBM has issued an efix for vulnerabilities 2,3, and 4 and are planning APAR releases.
Further details available in Customer Area

Provided and/or discovered by
1-3) Watercloud, XFOCUS Team.
4) Reported by vendor.

Changelog
Further details available in Customer Area

Original Advisory
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=281

Deep Links
Links available in Customer Area