IBM AIX Runtime Linker Search Path Vulnerability
BID:1059
Info
IBM AIX Runtime Linker Search Path Vulnerability
| Bugtraq ID: | 1059 |
| Class: | Environment Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 14 2000 12:00AM |
| Updated: | Mar 14 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on March 14, 2000 by Gregory Neil Shapiro <[email protected]> |
| Vulnerable: |
IBM AIX 5.1 L IBM AIX 4.3.3 IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 IBM AIX 4.2.1 IBM AIX 4.2 IBM AIX 4.1.5 IBM AIX 4.1.4 IBM AIX 4.1.3 IBM AIX 4.1.2 IBM AIX 4.1.1 IBM AIX 4.1 IBM AIX 5.2 IBM AIX 5.1 |
| Not Vulnerable: | |
Exploit / POC
IBM AIX Runtime Linker Search Path Vulnerability
An example given by the poster of this problem cites the /usr/bin/imnsecd program as being setgid, and having the current directory ('.') as the first place it looks in its library search path. By creating a libc.so in the current directory, calls made by imnsecd can be intercepted, and alternate commands run. This could lead to the compromise of the group imnsecd runs as.
An example given by the poster of this problem cites the /usr/bin/imnsecd program as being setgid, and having the current directory ('.') as the first place it looks in its library search path. By creating a libc.so in the current directory, calls made by imnsecd can be intercepted, and alternate commands run. This could lead to the compromise of the group imnsecd runs as.
References
IBM AIX Runtime Linker Search Path Vulnerability
References:
References:
- AIX Fix Distribution Service (IBM)
- Darren Tucker's OpenSSH Page (Darren Tucker)
- IBM Support Databases (IBM)
- OpenSSH Project Homepage (OpenSSH)
- Portable OpenSSH: Dangerous AIX linker Behavior - NOT! (IBM)
- Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) (Damien Miller
) - Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) ([email protected])
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) (Darren Tucker
) - Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) (Darren Tucker
) - Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) (Shiva Persaud
)