AIX frcactrl Insecure File Handling Vulnerability
BID:1152
Info
AIX frcactrl Insecure File Handling Vulnerability
| Bugtraq ID: | 1152 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 26 2000 12:00AM |
| Updated: | Apr 26 2000 12:00AM |
| Credit: | This vulnerability was announced in an ISS advisory on April 26, 2000. |
| Vulnerable: |
IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 |
| Not Vulnerable: | |
Discussion
AIX frcactrl Insecure File Handling Vulnerability
A vulnerability exists in the frcactrl program, part of the Fast Response Cache Accelerator (FRCA) package, included with AIX 4.3 from IBM. The frcactrl program is shipped setuid root by IBM. If the FRCA kernel module is loaded, it is possible for local users to utilize the frcactrl program to modify files. In doing so, they can manipulate the configuration in such a way as to allow the modification, creation or overwriting of files as root. This in turn could lead to a compromise of the root account on the machine.
A vulnerability exists in the frcactrl program, part of the Fast Response Cache Accelerator (FRCA) package, included with AIX 4.3 from IBM. The frcactrl program is shipped setuid root by IBM. If the FRCA kernel module is loaded, it is possible for local users to utilize the frcactrl program to modify files. In doing so, they can manipulate the configuration in such a way as to allow the modification, creation or overwriting of files as root. This in turn could lead to a compromise of the root account on the machine.
Exploit / POC
AIX frcactrl Insecure File Handling Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
AIX frcactrl Insecure File Handling Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
A suitable work around is to remove the setuid bit from the frcactrl program, and unload the FRCA kernel module:
# /usr/sbin/frcactrl unload ; /usr/sbin/slibclean
# chmod 555 /usr/sbin/frcactrl
IBM AIX 4.3
IBM AIX 4.3.1
IBM AIX 4.3.2
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
A suitable work around is to remove the setuid bit from the frcactrl program, and unload the FRCA kernel module:
# /usr/sbin/frcactrl unload ; /usr/sbin/slibclean
# chmod 555 /usr/sbin/frcactrl
IBM AIX 4.3
-
IBM IY09514
http://service.software.ibm.com/support/rs6000
IBM AIX 4.3.1
-
IBM IY09514
http://service.software.ibm.com/support/rs6000
IBM AIX 4.3.2
-
IBM IY09514
http://service.software.ibm.com/support/rs6000