IBM AIX bellmail Local Privilege Escalation Vulnerability
BID:26257
Info
IBM AIX bellmail Local Privilege Escalation Vulnerability
| Bugtraq ID: | 26257 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4623 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 30 2007 12:00AM |
| Updated: | Oct 30 2007 10:56PM |
| Credit: | Joshua J. Drake of VeriSign iDefense Labs is credited with the discovery of this vulnerability. |
| Vulnerable: |
IBM AIX 5.3 IBM AIX 5.2 |
| Not Vulnerable: | |
Discussion
IBM AIX bellmail Local Privilege Escalation Vulnerability
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.
Exploit / POC
IBM AIX bellmail Local Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
IBM AIX bellmail Local Privilege Escalation Vulnerability
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
IBM AIX 5.2
IBM AIX 5.3
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
IBM AIX 5.2
-
IBM bellmail_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/bellmail_ifix.tar
IBM AIX 5.3
-
IBM bellmail_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/bellmail_ifix.tar
References
IBM AIX bellmail Local Privilege Escalation Vulnerability
References:
References: