SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#182777

IBM AIX nslookup buffer overflow in lex routines

Overview

There is a problem with the nslookup program related to the handling of long strings.

I. Description

This problem is reported to be the result of incorrect bounds checking on the part of the lex routines used in nslookup. This vulnerability is mentioned in an IBM advisory as being exploited by attackers.

II. Impact

The impact of this vulnerability is not clear. It may be possible for local attackers to gain root privileges on the vulnerable system.

III. Solution

Apply a Patch

IBM has released patches to correct this problem. For AIX version 4.3, system administrators should apply APAR#IX79909.

Systems Affected
VendorStatusDate NotifiedDate Updated
IBMVulnerable26-Sep-2001

References

http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IX79909
http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA96551+STIX79909+USbin

Credit

This document was written by Cory F. Cohen.

Other Information

Date Public:98-07-06
Date First Published:2001-09-26
Date Last Updated:2001-09-26
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:5.91
Document Revision:2

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader