AIX enq Privilege Escalation

2003-12-17T00:00:00
ID OSVDB:3090
Type osvdb
Reporter OSVDB
Modified 2003-12-17T00:00:00

Description

Vulnerability Description

IBM AIX versions 4.3.3, 5.1.0, and 5.2.0 contain a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered by a format string attack against a vulnerability in the "enq" program.

Technical Description

IBM provides the following official fixes:

APAR number for AIX 4.3.3: IY45253 (available)
APAR number for AIX 5.1.0: IY46255 (available)
APAR number for AIX 5.2.0: IY45329 (available)

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

References:

Vendor Specific Solution URL: http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
Vendor Specific Advisory URL
Secunia Advisory ID: 10470
Nessus Plugin ID: 14420
Nessus Plugin ID: 14414
ISS X-Force ID: 14037
CVE-2003-1018