AIX diag Unspecified Privilege Escalation

2003-12-17T00:00:00
ID OSVDB:3091
Type osvdb
Reporter OSVDB
Modified 2003-12-17T00:00:00

Description

Vulnerability Description

AIX versions 4.3.3, 5.1.0, and 5.2.0 contain an unspecified flaw in the diag command that may allow a malicious user to gain unauthorized privileges.

Technical Description

IBM provides the following official fixes:

APAR number for AIX 4.3.3: IY37830 (available)
APAR number for AIX 5.1.0: IY37144 (available)
APAR number for AIX 5.2.0: IY37469 (available)

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Short Description

AIX versions 4.3.3, 5.1.0, and 5.2.0 contain an unspecified flaw in the diag command that may allow a malicious user to gain unauthorized privileges.

References:

Vendor Specific Solution URL: http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
Vendor Specific Advisory URL
Secunia Advisory ID: 10471
ISS X-Force ID: 14035