IBM AIX Perl Interpreter Local Arbitrary Code Execution Vulnerability
BID:24241
Info
| Bugtraq ID: | 24241 |
| Class: | Unknown |
| CVE: | CVE-2007-2996 |
| Remote: | No |
| Local: | Yes |
| Published: | May 30 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | IBM AIX 5300-06, IBM AIX 5200-10, IBM AIX 5.3, IBM AIX 5.2 |
| Not Vulnerable: | |
Discussion
IBM AIX is prone to a vulnerability that lets local attackers execute arbitrary code.
To exploit this issue, the attacker must wait for a victim to execute a certain binary distributed with the vulnerable fileset.
The attacker can exploit this issue to execute arbitrary code in the context of another user. Successful exploits may facilitate a compromise of affected computers or lead to other attacks.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
IBM AIX 5200-10
- IBM IY98394.060607.epkg.Z
  http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

IBM AIX 5.2
- IBM perl_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/perl_ifix.tar.Z
- IBM IY98394.051407.epkg.Z
  http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

IBM AIX 5.3
- IBM perl_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/perl_ifix.tar.Z
- IBM IY98395.051407.epkg.Z
  http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

IBM AIX 5300-06
- IBM IY98395.060607.epkg.Z
  http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html
References
References:
- AIX Fixes (IBM)
- AIX Homepage (IBM)