AIX digest Buffer Overflow Vulnerability
| Bugtraq ID: | 2033 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 01 2000 12:00AM |
| Updated: | Dec 01 2000 12:00AM |
| Credit: | This vulnerability was announced by Esa Etelavuori on December 1, 2000. |
| Vulnerable: | IBM AIX 4.3.3, IBM AIX 4.3.2, IBM AIX 4.3.1, IBM AIX 4.3 |
| Not Vulnerable: | |
Discussion
AIX is a version of the UNIX operating system distributed by IBM. A vulnerability exists in the operating system that could allow a user to elevate privileges.
The problem occurs in the digest binary. It is reported that it is possible to overflow a buffer in the program and overwrite a pointer to the stack, which in turn can result in an overflow in a library referenced by the binary. The secondary overflow in the library makes it possible to overwrite other stack variables, including the return address.
A malicious user could use this vulnerability to gain elevated privileges, potentially UID 0.