GNU Make For IBM AIX CC Path Local Buffer Overflow Vulnerability
BID:9903
Info
GNU Make For IBM AIX CC Path Local Buffer Overflow Vulnerability
| Bugtraq ID: | 9903 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 17 2004 12:00AM |
| Updated: | Mar 17 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to watercloud <[email protected]>. |
| Vulnerable: |
IBM AIX 4.3.3 |
| Not Vulnerable: | |
Discussion
GNU Make For IBM AIX CC Path Local Buffer Overflow Vulnerability
GNU make for IBM AIX has been reported to be prone to a buffer overflow vulnerability, the issue is reported to exist due to a lack of sufficient boundary checks performed when reading the path to the CC compiler.
Because the GNU make utility is reported to run with setGID root privileges, a local attacker may potentially exploit this condition to gain access to the root group.
This issue is reported to exist on AIX 4.3.3 platforms.
GNU make for IBM AIX has been reported to be prone to a buffer overflow vulnerability, the issue is reported to exist due to a lack of sufficient boundary checks performed when reading the path to the CC compiler.
Because the GNU make utility is reported to run with setGID root privileges, a local attacker may potentially exploit this condition to gain access to the root group.
This issue is reported to exist on AIX 4.3.3 platforms.
Exploit / POC
GNU Make For IBM AIX CC Path Local Buffer Overflow Vulnerability
The following proof of concept has been supplied:
The following proof of concept has been supplied:
Solution / Fix
GNU Make For IBM AIX CC Path Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.