IBM AIX Rexecd Privilege Escalation Vulnerability
BID:9835
Info
IBM AIX Rexecd Privilege Escalation Vulnerability
| Bugtraq ID: | 9835 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2004 12:00AM |
| Updated: | Mar 09 2004 12:00AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
IBM AIX 4.3.3 |
| Not Vulnerable: | |
Discussion
IBM AIX Rexecd Privilege Escalation Vulnerability
IBM AIX implementation of rexecd has been reported prone to a remote vulnerability that may provide for privilege escalation.
The issue may result in a negotiated connection receiving the privileges of an alternate user.
IBM AIX implementation of rexecd has been reported prone to a remote vulnerability that may provide for privilege escalation.
The issue may result in a negotiated connection receiving the privileges of an alternate user.
Exploit / POC
IBM AIX Rexecd Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
IBM AIX Rexecd Privilege Escalation Vulnerability
Solution:
IBM has released an advisory (MSS-OAR-E01-2004:0303.1) and APAR IY53507 to address this issue. Please see referenced advisory for further details regarding obtaining and applying this APAR.
IBM AIX 4.3.3
Solution:
IBM has released an advisory (MSS-OAR-E01-2004:0303.1) and APAR IY53507 to address this issue. Please see referenced advisory for further details regarding obtaining and applying this APAR.
IBM AIX 4.3.3
References
IBM AIX Rexecd Privilege Escalation Vulnerability
References:
References: