IBM AIX xlplm Local Buffer Overflow Vulnerability

Bugtraq ID:	25560
Class:	Boundary Condition Error
CVE:	CVE-2007-4793
Remote:	No
Local:	Yes
Published:	Sep 05 2007 12:00AM
Updated:	Oct 25 2007 04:16PM
Credit:	The vendor reported this issue.
Vulnerable:	IBM AIX 5.3 IBM AIX 5.2 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha
Not Vulnerable:

IBM AIX xlplm Local Buffer Overflow Vulnerability

IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

IBM AIX xlplm Local Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

IBM AIX xlplm Local Buffer Overflow Vulnerability

Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.


IBM AIX 5.2

• IBM xlplm_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/xlplm_ifix.tar.Z

IBM AIX 5.3

• IBM xlplm_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/xlplm_ifix.tar.Z

IBM AIX xlplm Local Buffer Overflow Vulnerability

References:

• AIX Homepage (IBM)
  
• AIX xlplm buffer overflow vulnerability (IBM)
  
• AIX xlplm buffer overflow vulnerability (IBM)