BID:1660

AIX netstat -Z Statistic Clearing Vulnerability

Info

AIX netstat -Z Statistic Clearing Vulnerability

Bugtraq ID:	1660
Class:	Access Validation Error
CVE:
Remote:	No
Local:	Yes
Published:	Sep 03 2000 12:00AM
Updated:	Sep 03 2000 12:00AM
Credit:	This vulnerability was posted to the Bugtraq mailing list on September 3, 2000 by alex medvedev <[email protected]>
Vulnerable:	IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 IBM AIX 4.2.1 IBM AIX 4.2

Not Vulnerable:

Discussion

AIX netstat -Z Statistic Clearing Vulnerability

A vulnerability exists in versions 4.x. x of AIX, from IBM. Any local user can utilize the -Z command to netstat, without needing to be root. This will cause interface statistics to be reset. This could potentially interfere with programs that track statistical information.

Exploit / POC

AIX netstat -Z Statistic Clearing Vulnerability

$ netstat -in --> shows stats
$ netstat -Zi --> clears them without checking the uid

Solution / Fix

AIX netstat -Z Statistic Clearing Vulnerability

Solution:
An APAR is available from IBM.

IBM AIX 4.3

IBM IY12147

IBM AIX 4.3.1

IBM IY12147

IBM AIX 4.3.2

IBM IY12147

References

AIX netstat -Z Statistic Clearing Vulnerability

References:

AIX Fix Distribution Service (IBM)
IBM Support Databases (IBM)