IBM AIX Pioinit File Overwrite Code Execution Vulnerability
BID:25080
Info
| Bugtraq ID: | 25080 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 26 2007 12:00AM |
| Updated: | Jul 27 2007 05:35PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | IBM AIX 5.3, IBM AIX 5.2 |
| Not Vulnerable: | |
Discussion
IBM AIX is prone to a vulnerability that allows attackers to execute arbitrary code with superuser privileges. This issue occurs because of insecure permissions on boot files.
Successful attacks will completely compromise affected computers.
Exploit / POC
Attackers can exploit this issue by overwriting the affected script with arbitrary commands.
Solution / Fix
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.
IBM AIX 5.2
- IBM IY79785
  http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp?whichFix=APAR&fixes=IY79785
- IBM pioinit_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/pioinit_ifix.tar.Z
IBM AIX 5.3
References
References:
- AIX Fixes (IBM)
- AIX Homepage (IBM)