Vulnerability Note VU#433499
IBM AIX portmir vulnerable to buffer overflow via echo_error
There is a buffer overflow in the IBM AIX portmir command that may allow local users to gain root privileges.
There is a buffer overflow in the echo_error routine of the IBM AIX portmir command. An attacker may be able to corrupt lock files in the "/etc/locks" directory.
While full impact of this vulnerability is not known for sure, it appears that attackers with access to a local account may be able to gain root privileges.
Apply a Patch
IBM has released patches to correct this problem. For AIX version 4.3.0, system administrators should apply APAR#IY07832.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM||Affected||-||26 Sep 2001|
CVSS Metrics (Learn More)
This document was written by Cory F. Cohen.
- CVE IDs: Unknown
- Date Public: 27 Jan 2000
- Date First Published: 26 Sep 2001
- Date Last Updated: 26 Sep 2001
- Document Revision: 4
If you have feedback, comments, or additional information about this vulnerability, please send us email.