IBM AIX Configuration Commands Multiple Buffer Overflow Vulnerabilities
BID:25270
Info
| Bugtraq ID: | 25270 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4353 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 10 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: | IBM AIX 5.3, IBM AIX 5.2 |
| Not Vulnerable: | |
Discussion
IBM AIX is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.
Attackers who have 'system' group privileges can exploit these issues to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.
These versions are affected:
AIX 5.2.0.85 through 5.2.0.105
AIX 5.3.0.40 through 5.3.0.61
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
IBM has released an advisory and fixes to address these issues. Please see the references for more information.
IBM AIX 5.2
- IBM cmdcfg_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/cmdcfg_ifix.tar.Z
- IBM IZ00531
  http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriespkgoptions/apar?fixes=IZ00531
IBM AIX 5.3
References
References:
- AIX Homepage (IBM)