AIX bos.rte.console swcons Command Line Argument Local Overflow

2005-06-06T06:54:12
ID OSVDB:17255
Type osvdb
Reporter intropy (intropy@caughq.org)
Modified 2005-06-06T06:54:12

Description

Vulnerability Description

A local overflow exists in AIX. The 'swcons' command fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long command-line argument, a malicious user can cause arbitrary code execution, resulting in a loss of integrity.

Technical Description

'system' group privileges are required to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.ibm.com/us/
Security Tracker: 1014132
Secunia Advisory ID: 15636
Other Advisory URL: http://www.caughq.org/advisories/CAU-2005-0007.txt
Keyword: CAU-2005-0007
ISS X-Force ID: 20937
CVE-2005-2237
Bugtraq ID: 13921