CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
9.7%
The IBM AIX operating system contains a vulnerability in the lsfs
utility that allows a local user to execute arbitrary code as root.
The IBM AIX lsfs
utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it executes lslv
to list logical volumes and grep
to parse the resulting output. Because lsfs
uses relative pathnames when executing grep
and lslv
, a local attacker can use the PATH environment variable to redirect the calls made by lsfs
to a local version of either grep
or lslv
. If setuid root permissions have been applied to lsfs
, the local versions of grep
and lslv
will be executed with root privileges.
This vulnerability allows local users to execute arbitrary code as root.
Apply a patch from your vendor
IBM has released APAR IY16909 to address this issue. For further information, please consult the “Systems Affected” section of this document.
Clear setuid bit on lsfs
Previous to AIX 5.1 and some versions of AIX 4.3.3, default installations of AIX contained an lsfs
binary with the setuid bit enabled. To reduce the impact of this vulnerability on those versions, use the chmod
command to clear the setuid bit.
123651
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 21, 2001 Updated: September 04, 2001
Affected
IBM fixed this vulnerability in AIX 4.3.3 and has made available APAR IY16909 that closes the security hole. Customers using AIX 4.3.3 are urged to apply this APAR, if they have not already done so. AIX 5.1 is not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23123651 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Jeffrey P. Lanza and is based on information provided by IBM.
CVE IDs: | CVE-2001-0573 |
---|---|
Severity Metric: | 21.38 Date Public: |