IBM AIX AuditSelect Local Format String Vulnerability

Bugtraq ID:	12496
Class:	Input Validation Error
CVE:	CVE-2005-0250
Remote:	No
Local:	Yes
Published:	Feb 09 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	iDEFENSE Labs is credited with the discovery of this issue.
Vulnerable:	IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1
Not Vulnerable:

IBM AIX AuditSelect Local Format String Vulnerability

A local format string vulnerability affects IBM AIX auditselect. This issue is due to a failure of the application to securely implement a formatted printing function.

An attacker may leverage this issue to execute arbitrary code with superuser privileges, ultimately facilitating privilege escalation.

IBM AIX AuditSelect Local Format String Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

IBM AIX AuditSelect Local Format String Vulnerability

Solution:
IBM has made an advisory available dealing with this issue; APAR fixes are pending release. Please see the referenced advisory for more information.


IBM AIX 5.1

• IBM IY67802
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

IBM AIX 5.2

• IBM IY67472
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

IBM AIX 5.3

• IBM IY67519
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

IBM AIX AuditSelect Local Format String Vulnerability

References:

• iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vu (iDEFENSE)
  
• IY67472: AUDITSELECT DOES NOT USE A FORMAT STRING (IBM)
  
• IY67519: AUDITSELECT DOES NOT USE A FORMAT STRING (IBM)
  
• IY67802: AUDITSELECT DOES NOT USE A FORMAT STRING (IBM)