AIX "getconf" contains buffer overflow vulnerability

2005-09-29T00:00:00
ID VU:602300
Type cert
Reporter CERT
Modified 2005-09-29T00:00:00

Description

Overview

IBM AIX getconf contains a buffer overflow vulnerability that may lead to arbitrary code execution.

Description

IBM AIX contains the getconf command that provides information about system configuration. An unspecified buffer overflow condition has been identified in getconf and may lead to arbitrary code execution by local users.


Impact

Local, authenticated users may be able to execute arbitrary code.


Solution

Apply an update

IBM has issued updates to address this issue. Please see documents IY73850 and IY73814 for more information.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
IBM Corporation| | -| 29 Sep 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www-1.ibm.com/support/docview.wss?uid=isg1IY73814>
  • <http://www-1.ibm.com/support/docview.wss?uid=isg1IY73850>
  • <http://secunia.com/advisories/16996/>

Credit

Thanks to IBM for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

  • CVE IDs: CAN-2005-3060
  • Date Public: 29 Sep 2005
  • Date First Published: 29 Sep 2005
  • Date Last Updated: 29 Sep 2005
  • Severity Metric: 10.13
  • Document Revision: 4