Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10670
HistoryDec 16, 2005 - 12:00 a.m.

Patches available for IBM AIX flaws

2005-12-1600:00:00
vulners.com
10
JSON

David Litchfield of NGSSoftware has discovered a multiple high risk
vulnerabilities in IBM's AIX operating systems.

1) There is a buffer overflow in the malloc debug system that when exploited
can yeild root privileges.
2) There is a buffer overflow in muxatmd which is setuid root.
3) There is a buffer overflow in slocal which is setuid root.
4) There are arbitrary file data append issues in getShell and getCommand in
conjuction with specific settings in the malloc debug system.Both getShell
and getCommand are setuid root.

Issue 1 affects AIX versions 5.3.
Issue 2 affects AIX versions 5.3, 5.2 and 5.1.
Issue 3 affects AIX versions 5.3, 5.2 and 5.1.
Issue 4 affects AIX versions 5.3, 5.2 and 5.1.

IBM has developed patches for these issues:

http://www-03.ibm.com/servers/eserver/support/unixservers/aixfixes.html

Administrators are urged to install the patches as soon as possible. Whilst
these attacks are "local" by nature, AIX servers running Informix, DB2 and
Oracle can be targeted remotely via specific SQL queries.

NGSSoftware Insight Security Research
http://www.ngssoftware.com/
http://www.databasesecurity.com/
+44(0)208 401 0070

JSON