AIX namerslv Long Argument Local Overflow

2002-04-30T00:00:00
ID OSVDB:8004
Type osvdb
Reporter OSVDB
Modified 2002-04-30T00:00:00

Description

Vulnerability Description

A local overflow exists in IBM AIX. The namerslv command fails to validate input parameters properly resulting in a buffer overflow. With a specially crafted request, an attacker can cause segmentation faults.

The namerslv utility is not SUID and does not result in privilege escalation or loss of confidentiality, integrity, or availability.

Solution Description

Upgrade to version 4.3.3 (APAR IY29517), 5.1.0 (APAR IY31937) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in IBM AIX. The namerslv command fails to validate input parameters properly resulting in a buffer overflow. With a specially crafted request, an attacker can cause segmentation faults.

The namerslv utility is not SUID and does not result in privilege escalation or loss of confidentiality, integrity, or availability.

References:

Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY29517 Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY31937 Mail List Post: http://archives.neohapsis.com/archives/aix/2002-q2/0005.html Keyword: IY30431 ISS X-Force ID: 9815 CVE-2002-0744