AIX enq -M Argument Local Overflow

2003-02-12T00:00:00
ID OSVDB:1678
Type osvdb
Reporter Esa Etelavuori (eetelavu@cc.hut.fi)
Modified 2003-02-12T00:00:00

Description

Vulnerability Description

A local buffer overflow exists in the AIX enq command. The command fails to validate the argument passed to its -M option, so an overly long value overflows a buffer. With a specially crafted -M argument, a local attacker can execute arbitrary commands, resulting in a loss of integrity.

Solution Description

Upgrade AIX by applying the fix for your release: APAR IY08287 for AIX 4.2 or APAR IY08143 for AIX 4.3, or a higher level, as these have been reported to fix this vulnerability. An upgrade is required because there are no known workarounds.

References:

Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY08287
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY08143
Related OSVDB ID: 7996
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-02/0199.html
ISS X-Force ID: 5619
CVE-2000-1121
Bugtraq ID: 2034