Vulnerability Note VU#18500
IBM AIX portmir buffer overflow
Overview
There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges.
Description
There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. |
Impact
Attackers with access to a local user account may gain root privileges. |
Solution
Apply a Patch |
Disable the setuid bit on the portmir command Disabling the setuid bit on the portmir command will prevent this vulnerability from being exploited. ?You can do this by running the following command as root:
|
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| IBM | Vulnerable | - | 20 Apr 2002 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://groups.google.com/groups?q=ERS-SVA-E01-1997:006.1&hl=en&rnum=3&selm=6383eb%24kts%241%40watnews1.watson.ibm.com
- http://xforce.iss.net/static/592.php
Credit
This document was written by Cory F. Cohen.
Other Information
- CVE IDs: CAN-1999-0092
- Date Public: 29 Oct 97
- Date First Published: 26 Sep 2001
- Date Last Updated: 27 Sep 2001
- Severity Metric: 4.31
- Document Revision: 9
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
