Secunia

David Litchfield has reported some vulnerabilities in AIX, which can be exploited by malicious, local users to gain escalated privileges.

1) An unspecified boundary error exists in the suid root "slocal" binary. This can be exploited to cause a buffer overflow, which potentially allows arbitrary code execution with root privileges.

2) An unspecified boundary error exists in the suid root "muxatmd" binary. This can be exploited to cause a buffer overflow, which potentially allows arbitrary code execution with root privileges.

3) An unspecified input validation error exists in the suid root "getShell" and "getCommand" utilities in the WebSM component. This can be exploited to overwrite arbitrary files on the filesystem.

4) An unspecified boundary error exists in the debug malloc tools. This can be exploited to gain root privileges when the tools are used with a suid root executable.

The vulnerabilities have been reported in AIX 5.1, 5.2 and 5.3. Vulnerability #3 and #4 affects only AIX 5.3.

Solution
Apply APARs or Interim Fix when available.
Further details available in Customer Area

Provided and/or discovered by
David Litchfield, NGSSoftware.

Changelog
Further details available in Customer Area

Original Advisory
IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX51SECUR081516_24
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX52SECUR081515_383
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081514_715
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX51SECUR081515_539
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX52SECUR081514_961
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081511_499
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081512_998
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081514_550

NGSSoftware:
http://www.ngssoftware.com/advisories/aixflaws.txt

Deep Links
Links available in Customer Area