Vulnerability Note VU#17566
sysback makes call to hostname without a fully qualified path specification
Overview
sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname.
Description
sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders can put a malicious hostname in the path before the "real" hostname, and thereby execute any commands with root privileges. |
Impact
Local users can execute arbitrary commands and programs with root privileges. |
Solution
Update to sysback.rte 4.2.1.13 as described in the IBM vendor statement. |
Remove setuid root from sysback in environments that permit it (where such a change would not be detrimental to operations). |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| IBM | Affected | 13 Aug 1999 | 10 Dec 2000 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- None
Credit
Our thanks to Kiki Lee for reporting this vulnerability.
This document was written by Shawn V Hernan.
Other Information
- CVE IDs: Unknown
- Date Public: 10 Dec 2000
- Date First Published: 12 Dec 2000
- Date Last Updated: 12 Dec 2000
- Severity Metric: 1.35
- Document Revision: 6
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.