Vulnerability Note VU#17566
sysback makes call to hostname without a fully qualified path specification
Overview
sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname.
Description
sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders can put a malicious hostname in the path before the "real" hostname, and thereby execute any commands with root privileges. |
Impact
Local users can execute arbitrary commands and programs with root privileges. |
Solution
Update to sysback.rte 4.2.1.13 as described in the IBM vendor statement. |
Remove setuid root from sysback in environments that permit it (where such a change would not be detrimental to operations). |
Systems Affected (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
IBM | Affected | 13 Aug 1999 | 10 Dec 2000 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- None
Credit
Our thanks to Kiki Lee for reporting this vulnerability.
This document was written by Shawn V Hernan.
Other Information
- CVE IDs: Unknown
- Date Public: 10 Dec 2000
- Date First Published: 12 Dec 2000
- Date Last Updated: 12 Dec 2000
- Severity Metric: 1.35
- Document Revision: 6
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.