AIX Printer Capability Format String Local Privilege Escalation

2003-05-13T00:00:00
ID OSVDB:7994
Type osvdb
Reporter OSVDB
Modified 2003-05-13T00:00:00

Description

Vulnerability Description

IBM AIX contains several printer-related commands that may allow a malicious user to gain unauthorized privileges (printq or root). The issue is triggered when the commands are run with malformed input. This flaw may lead to a loss of confidentiality and/or integrity.

Solution Description

Upgrade AIX using the following APAR numbers or higher, as this has been reported to fix the vulnerability: AIX 4.3: IY42089, AIX 5.1.0: IY42090, and AIX 5.2.0: IY42091. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY42090
Vendor Specific Solution URL: http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY42089
Vendor Specific Advisory URL
Security Tracker: 1006756
ISS X-Force ID: 12000
CVE-2003-0257
Bugtraq ID: 7604