AIX Performance Tools tprof -x Parameter Privilege Escalation

1994-02-01T00:00:00
ID OSVDB:17082
Type osvdb
Reporter OSVDB
Modified 1994-02-01T00:00:00

Description

Vulnerability Description

AIX Performance Tools contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the 'tprof' utility is run with the '-x' parameter. Command arguments supplied to this parameter are run with the same privileges as 'tprof' (SUID root by default), allowing arbitrary privileged command execution.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Short Description

AIX Performance Tools contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the 'tprof' utility is run with the '-x' parameter. Command arguments supplied to this parameter are run with the same privileges as 'tprof' (SUID root by default), allowing arbitrary privileged command execution.

Manual Testing Notes

$ tprof -x /bin/sh

References:

Related OSVDB ID: 17078 Related OSVDB ID: 17081 Related OSVDB ID: 17072 Related OSVDB ID: 17080 Related OSVDB ID: 17074 Related OSVDB ID: 17075 Related OSVDB ID: 17076 Related OSVDB ID: 7986 Related OSVDB ID: 17073 Related OSVDB ID: 17077 Related OSVDB ID: 17079 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_2/0269.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_2/0270.html Keyword: U420020 Keyword: APAR IX42332 Keyword: Licensed Program Product Keyword: U422510 Keyword: bosext1.extcmds.obj Keyword: PTF ISS X-Force ID: 504 CVE-1999-0338 CERT: CA-1994-03