AIX lsmcode Local Overflow

2002-04-18T00:00:00
ID OSVDB:8001
Type osvdb
Reporter OSVDB
Modified 2002-04-18T00:00:00

Description

Vulnerability Description

A local overflow exists in IBM AIX. The lsmcode command fails to validate input, resulting in a possible buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 4.3.3 (APAR IY29589), 5.1.0 (APAR IY28586) or higher, as this has been reported to fix the vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY28586
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY29589
Mail List Post: http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
Keyword: IY30431
ISS X-Force ID: 11257
Generic Exploit URL: http://www.securiteam.com/exploits/5YP0D0AAAQ.html
CVE-2002-0747
Bugtraq ID: 7871