|
 |
|
IBM AIX Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29349
|
|
|
Release Date:
|
2008-03-12
|
|
Last Update:
|
2008-04-01
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Workaround
|
|
| OS: | AIX 5.x
AIX 6.x
|
|
| | CVE reference: | CVE-2008-1593 (Secunia mirror)
CVE-2008-1594 (Secunia mirror)
CVE-2008-1595 (Secunia mirror)
CVE-2008-1597 (Secunia mirror)
CVE-2008-1598 (Secunia mirror)
CVE-2008-1599 (Secunia mirror)
CVE-2008-1600 (Secunia mirror)
|
|
|
|
|
|
Description:
Some vulnerabilities are reported in IBM AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or to gain escalated privileges.
1) The problem is that a 64-bit process, which is restarted via the checkpoint and restart feature, gains read and write access to certain areas of kernel memory. This can be exploited to execute arbitrary code.
2) An unspecified error can be exploited to crash remote nodes of a concurrent volume group, when a single node reduces the size of a JFS2 filesystem residing on the concurrent volume group.
3) The problem is that the proc filesystem does not enforce directory access controls correctly when the permission on a directory is more restrictive than permission on the currently-executing file in that directory.
4) Unspecified errors in some WPAR specific system calls can potentially be exploited to cause a DoS.
5) An unspecified error can be exploited by a user with privileges to run "ProbeVue" to disclose arbitrary kernel memory.
6) An unspecified error when handling environment variables within the "atmstat", "entstat", "fddistat", "hdlcstat", and "tokstat" commands of the "nddstat" family can be exploited to execute arbitrary code with root privileges.
7) An unspecified error when handling environment variables within the "lsmcode" command can be exploited to execute arbitrary code with root privileges.
The vulnerabilities are reported in AIX 5.2, 5.3, and 6.1.
Solution:
Apply interim fixes or APARs as soon as they become available.
ftp://aix.software.ibm.com/aix/efixes/security/kernel_fix.tar (2008-03-26)
-- APARs --
AIX 5.2.0:
Apply the following APARs.
* IZ16992
* IZ16991
* IZ15276
AIX 5.3.0:
Apply the following APARs:
* IZ17111 (available approximately 3/17/2008)
* IZ17058 (available approximately 3/17/2008)
* IZ15100
AIX 5.3.7:
Apply the following APARs:
* IZ11820 (available approximately 3/17/2008)
* IZ17059 (available approximately 3/17/2008)
* IZ15057
AIX 6.1.0:
Apply the following APARs:
* IZ12794
* IZ16975
* IZ15277
Changelog:
2008-03-27: Updated "Solution". The vendor has issued an updated version of the interim fix on 2008-03-26.
2008-03-31: Added links to "Original Advisory" section.
2008-04-01: Added CVE reference.
Original Advisory:
IBM:
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4153
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4154
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4155
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4156
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4157
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4158
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4159
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4160
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4161
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4184
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4185
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4186
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
94 Related Secunia Security Advisories, displaying 10
|
|
|
1. IBM AIX "usr/sbin/chnfsmnt" Vulnerability
|
|
2. IBM AIX "reboot" Buffer Overflow Vulnerability
|
|
3. AIX "man" Insecure Program Execution Vulnerability
|
|
4. IBM AIX libc "inet_network()" Off-By-One Vulnerability
|
|
5. IBM AIX X Server Multiple Vulnerabilities
|
|
6. IBM AIX Pegasus CIM Server for Director Vulnerabilities
|
|
7. IBM AIX Multiple Vulnerabilities
|
|
8. IBM AIX Trusted Execution Vulnerability
|
|
9. IBM AIX Perl Regular Expressions Unicode Data Buffer Overflow
|
|
10. IBM AIX Multiple Unspecified Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
