CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#182777

IBM AIX nslookup buffer overflow in lex routines

Overview

There is a problem with the nslookup program related to the handling of long strings.

I. Description

This problem is reported to be the result of incorrect bounds checking on the part of the lex routines used in nslookup. This vulnerability is mentioned in an IBM advisory as being exploited by attackers.

II. Impact

The impact of this vulnerability is not clear. It may be possible for local attackers to gain root privileges on the vulnerable system.

III. Solution

Apply a Patch

IBM has released patches to correct this problem. For AIX version 4.3, system administrators should apply APAR#IX79909.

Systems Affected
VendorStatusDate Updated
IBMVulnerable26-Sep-2001

References


http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IX79909
http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA96551+STIX79909+USbin

Credit

This document was written by Cory F. Cohen.

Other Information

Date Public07/06/1998
Date First Published09/26/2001 02:00:20 PM
Date Last Updated09/26/2001
CERT Advisory 
CVE Name 
Metric5.91
Document Revision2

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University