Vulnerability Note VU#886953

IBM AIX setsenv buffer overflow

Overview

There is a buffer overflow in the IBM AIX setsenv command that may allow local attackers to gain root privileges.

I. Description

The setsenv command is used to set protected state environment variables. There is a buffer overflow in a variable value parameter to the setsenv command on IBM AIX systems. An exploit for this vulnerability is publicly available, and is reported to have been used to compromise systems.

II. Impact

An attacker with access to a local user account can execute arbitrary code on the vulnerable system as root.

III. Solution

Apply a Patch

IBM has released patches to correct this problem. For AIX version 4.2, system adminstrators should apply APAR#IY10721. For AIX version 4.3, system administrators should apply APAR#IY08812.

Systems Affected

Vendor	Status	Date Notified	Date Updated
IBM	Vulnerable	27-Sep-2001

References

http://www.securityfocus.com/bid/2032
http://xforce.iss.net/static/5621.php
http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA114623+STIY10721+USbin
http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY10721
http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA123587+STIY08812+USbin
http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08812
http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds5/setsenv.htm#WPg2f0frit

Credit

This document was written by Cory F. Cohen.

Other Information

Date Public:	2000-12-01
Date First Published:	2001-09-28
Date Last Updated:	2001-09-28
CERT Advisory:
CVE-ID(s):	CVE-2000-1119
NVD-ID(s):	CVE-2000-1119
US-CERT Technical Alerts:
Metric:	15.19
Document Revision:	4

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader