Vulnerability Note VU#209363

IBM AIX vulnerable to buffer overflow in RCP

Original Release date: 16 Sep 2002 | Last revised: 16 Sep 2002

Overview

IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges.

Description

Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents.

Impact

Remote attackers may be able to gain root privileges.

Solution

Apply a patch from your vendor

See the Vendor Status section for more information.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
IBMAffected22 Apr 200207 Jun 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to IBM for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

  • CVE IDs: Unknown
  • Date Public: 28 Mar 2002
  • Date First Published: 16 Sep 2002
  • Date Last Updated: 16 Sep 2002
  • Severity Metric: 14.96
  • Document Revision: 4

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.