Vulnerability Note VU#17566
sysback makes call to hostname without a fully qualified path specification
sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname.
sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders can put a malicious hostname in the path before the "real" hostname, and thereby execute any commands with root privileges.
Local users can execute arbitrary commands and programs with root privileges.
Update to sysback.rte 126.96.36.199 as described in the IBM vendor statement.
Remove setuid root from sysback in environments that permit it (where such a change would not be detrimental to operations).
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM||Affected||13 Aug 1999||10 Dec 2000|
CVSS Metrics (Learn More)
Our thanks to Kiki Lee for reporting this vulnerability.
This document was written by Shawn V Hernan.
- CVE IDs: Unknown
- Date Public: 10 Dec 2000
- Date First Published: 12 Dec 2000
- Date Last Updated: 12 Dec 2000
- Severity Metric: 1.35
- Document Revision: 6
If you have feedback, comments, or additional information about this vulnerability, please send us email.