BID:25271

IBM AIX Fileplace Command Buffer Overflow Vulnerabilities

Info

IBM AIX Fileplace Command Buffer Overflow Vulnerabilities

Bugtraq ID:	25271
Class:	Boundary Condition Error
CVE:	CVE-2007-4354
Remote:	No
Local:	Yes
Published:	Aug 10 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	The vendor disclosed this issue.
Vulnerable:	IBM AIX 5.3 IBM AIX 5.2

Not Vulnerable:

Discussion

IBM AIX Fileplace Command Buffer Overflow Vulnerabilities

IBM AIX is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These versions are affected:

AIX 5.2.0.85 through 5.2.0.105
AIX 5.3.0.40 through 5.3.0.61

Exploit / POC

IBM AIX Fileplace Command Buffer Overflow Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

IBM AIX Fileplace Command Buffer Overflow Vulnerabilities

Solution:
IBM has released an advisory and fixes to address these issues. Please see the references for more information.

IBM AIX 5.2

IBM fileplace_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/fileplace_ifix.tar.Z

IBM IZ00154
http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriespkgopti ons/apar?fixes=IZ00154

IBM AIX 5.3

IBM fileplace_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/fileplace_ifix.tar.Z

IBM IZ00149
http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriespkgopti ons/apar?fixes=IZ00149

References

IBM AIX Fileplace Command Buffer Overflow Vulnerabilities

References:

AIX Homepage (IBM)