IBM AIX svprint Local Buffer Overflow Vulnerability

Bugtraq ID:	25561
Class:	Boundary Condition Error
CVE:	CVE-2007-4797
Remote:	No
Local:	Yes
Published:	Sep 05 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor reported this issue.
Vulnerable:	IBM AIX 5.3 IBM AIX 5.2
Not Vulnerable:

IBM AIX svprint Local Buffer Overflow Vulnerability

IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

IBM AIX svprint Local Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM AIX svprint Local Buffer Overflow Vulnerability

Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.


IBM AIX 5.2

• IBM svprint_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/svprint_ifix.tar.Z

IBM AIX 5.3

• IBM svprint_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/svprint_ifix.tar.Z

IBM AIX svprint Local Buffer Overflow Vulnerability

References:

• AIX Homepage (IBM)
  
• IBM AIX svprint commands buffer overflow vulnerability (IBM)
  
• IBM AIX svprint commands buffer overflow vulnerability (IBM)