IBM AIX crontab Local Privilege Escalation Vulnerability
BID:26263
Info
| Bugtraq ID: | 26263 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4621 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 30 2007 12:00AM |
| Updated: | Oct 31 2007 03:26PM |
| Credit: | An anonymous researcher is credited with the discovery of this vulnerability. |
| Vulnerable: | IBM AIX 5.2 |
| Not Vulnerable: | IBM AIX 5.3 |
Discussion
IBM AIX 'crontab' is prone to a local privilege-escalation vulnerability because it fails to perform adequate length checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
IBM AIX 5.2
- IBM crontab_ifix.tar: ftp://aix.software.ibm.com/aix/efixes/security/crontab_ifix.tar
- IBM IZ04832: http://www.ibm.com/support/docview.wss?uid=isg1IZ04832
References
References:
- AIX Homepage (IBM)
- iDefense Security Advisory 10.30.07: IBM AIX 5.2 crontab BSS Buffer Overflow (iDefense Labs)
- AIX crontab buffer overflow vulnerability (IBM)
- IBM AIX 5.2 crontab BSS Buffer Overflow Vulnerability (iDefense Labs)