Vulnerability Note VU#123651
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root.
The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it executes lslv to list logical volumes and grep to parse the resulting output. Because lsfs uses relative pathnames when executing grep and lslv, a local attacker can use the PATH environment variable to redirect the calls made by lsfs to a local version of either grep or lslv. If setuid root permissions have been applied to lsfs, the local versions of grep and lslv will be executed with root privileges.
This vulnerability allows local users to execute arbitrary code as root.
Apply a patch from your vendor
IBM has released APAR IY16909 to address this issue. For further information, please consult the "Systems Affected" section of this document.
Clear setuid bit on lsfs
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM||Affected||21 Aug 2001||04 Sep 2001|
CVSS Metrics (Learn More)
This document was written by Jeffrey P. Lanza and is based on information provided by IBM.
- CVE IDs: CAN-2001-0573
- Date Public: 03 Apr 2001
- Date First Published: 05 Sep 2001
- Date Last Updated: 05 Sep 2001
- Severity Metric: 21.37
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.