BID:12415

IBM AIX NIS Client Unspecified Remote Code Execution Vulnerability

Info

IBM AIX NIS Client Unspecified Remote Code Execution Vulnerability

Bugtraq ID:	12415
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Feb 01 2005 12:00AM
Updated:	Feb 01 2005 12:00AM
Credit:	The discoverer of this issue is currently unknown. This vulnerability was reported by the vendor.
Vulnerable:	IBM AIX 5.3

Not Vulnerable:

Discussion

IBM AIX NIS Client Unspecified Remote Code Execution Vulnerability

IBM AIX NIS client is reported prone to a remote arbitrary code execution vulnerability. This issue may allow remote attackers to gain unauthorized access to a vulnerable computer in the context of the user running the affected application.

IBM AIX 5.3 is reported vulnerable to this issue.

This BID will be updated when more information is available.

Exploit / POC

IBM AIX NIS Client Unspecified Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

IBM AIX NIS Client Unspecified Remote Code Execution Vulnerability

Solution:
IBM has released an efix to address this issue in AIX 5.3.

IBM AIX 5.3

IBM nis_efix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/nis_efix.tar.Z

IBM IY67248
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

References

IBM AIX NIS Client Unspecified Remote Code Execution Vulnerability

References:

AIX Homepage (IBM)
IY67248: LIBS IMPROPERLY HANDLES NIS CONFIGURATION (IBM)