AIX Getlvcb Command Line Argument Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 9905 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0544 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 17 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to watercloud <[email protected]>. |
| Vulnerable: | IBM AIX 4.3.3, IBM AIX 5.2, IBM AIX 5.1 |
| Not Vulnerable: | |
Discussion
getlvcb has been reported to be prone to a buffer overflow vulnerability.
When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow its bounds and will trample any saved data that is adjacent to the affected buffer. Ultimately this may lead to the execution of arbitrary instructions in the context of the root user.
An attacker requires system group privileges before executing the getlvcb utility. The attacker may exploit the issue described in BID 9903 to gain the privileges required to exploit this vulnerability.
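The defensive counterpart of the copy described above, as an added example that is not part of the original advisory and is not IBM's code: a command-line argument is length-checked before it is copied into a fixed buffer, and overlong input is rejected instead of truncated. The names `NAME_BUF_LEN`, `copy_arg_checked` and `parse_lv_name` are hypothetical, and the 64-byte buffer size is an assumption, since the advisory does not state the real one.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the advisory does not give the real buffer size. */
#define NAME_BUF_LEN 64

/*
 * Copy one argument into a fixed-size buffer.
 * Returns 0 on success, -1 with errno set on failure.
 * Overlong input is rejected, not truncated: a truncated name could
 * silently refer to a different object than the caller intended.
 */
int copy_arg_checked(char *dst, size_t dst_len, const char *arg)
{
    size_t n = 0;

    if (dst == NULL || dst_len == 0 || arg == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Bounded scan: inspects at most dst_len bytes of the argument. */
    while (n < dst_len && arg[n] != '\0')
        n++;
    if (n == dst_len) {            /* no terminator fits inside dst */
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, arg, n + 1);       /* n + 1 <= dst_len, includes the NUL */
    return 0;
}

/* Hypothetical argument handler: validates argv[1] before any further use. */
int parse_lv_name(int argc, char **argv, char *out)
{
    if (argc < 2) { errno = EINVAL; return -1; }
    return copy_arg_checked(out, NAME_BUF_LEN, argv[1]);
}

int main(int argc, char **argv)
{
    char name[NAME_BUF_LEN];
    if (parse_lv_name(argc, argv, name) != 0) {
        perror("argument rejected");
        return 1;
    }
    printf("accepted: %s\n", name);
    return 0;
}
```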
Exploit / POC
The following proof of concept exploits have been supplied:
Solution / Fix
Solution:
IBM has released an update to their original advisory (APR-22-2004-LVM) as well as official APAR fixes; these fixes supersede the previous efixes. Further information regarding obtaining and applying APARs can be found in the referenced advisory.
IBM AIX 5.1
- IBM lvmcmd_efix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/lvmcmd_efix.tar.Z
- IBM IY55681
  http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
- IBM IY55682
  http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp

IBM AIX 5.2
- IBM lvmcmd_efix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/lvmcmd_efix.tar.Z
- IBM IY55681
  http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
- IBM IY55682
  http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp