IBM AIX Multiple Device Management Utilities Local Format String Vulnerability
BID:12472
Info
| Bugtraq ID: | 12472 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0240 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 07 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery of this vulnerability is credited to iDEFENSE Labs. |
| Vulnerable: | IBM AIX 5.3, IBM AIX 5.2, IBM AIX 5.1 |
| Not Vulnerable: | |
Discussion
A format string vulnerability has been discovered in the 'chdev', 'mkdev', and 'rmdev' commands that can be exploited locally.
The vendor reports that a member of the 'system' group may be able to exploit this issue locally to gain superuser privileges.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an advisory, IBM-02-07-2005, to address this vulnerability. Fixes are not yet available; customers are advised to peruse the referenced advisory for further information pertaining to obtaining and applying an appropriate update.
The vendor has released an update to their original advisory. It has been reported that this issue affects the 'mkdev' and 'rmdev' utilities as well as the 'chdev' utility. Please see the referenced updated advisory for more information.
IBM AIX 5.1
- IBM IY67455 http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
- IBM IY67654 http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
- IBM IY67741 http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
IBM AIX 5.2
- IBM IY67455 http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
- IBM IY67654 http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
- IBM IY67741 http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
IBM AIX 5.3