CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#18419

IBM AIX nslookup fails to drop root privileges

Overview

The nslookup command fails to drop privileges, allowing local attackers to gain root privileges.

I. Description

The nslookup program fails to drop the privileges it gains from being setuid. This access appears to be needed to read the "/etc/resolv.conf" file. This problem was described in IBM ERS advisory ERS-SVA-E01-1997:008.1.

II. Impact

Intruders with access to a local user account may be able to gain root privileges.

III. Solution

Apply a Patch

For AIX version 4.1, system administrators should apply APAR #IX71464. For AIX version 4.2, system administrators should apply APAR #IX70815.

Disable the setuid bit on nslookup

You can prevent this vulnerability from being exploited by removing the setuid bit from the nslookup program. You can do this by executing the following command as root:

    chmod 555 /usr/bin/nslookup

Systems Affected
VendorStatusDate Updated
IBMVulnerable26-Sep-2001

References


http://xforce.iss.net/static/604.php
http://groups.google.com/groups?q=ERS-SVA-E01-1997:008.1&hl=en&rnum=3&selm=6383r7%24kts%243%40watnews1.watson.ibm.com

Credit

This document was written by Cory F. Cohen.

Other Information

Date Public10/29/1997
Date First Published09/26/2001 12:04:36 PM
Date Last Updated09/27/2001
CERT Advisory 
CVE NameCVE-1999-0093
Metric2.76
Document Revision10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University