There is a buffer overflow in the IBM AIX portmir command that may allow local users to gain root privileges.
There is a buffer overflow in the echo_error routine of the IBM AIX portmir command. An attacker may be able to corrupt lock files in the "/etc/locks" directory.
While full impact of this vulnerability is not known for sure, it appears that attackers with access to a local account may be able to gain root privileges.
Apply a Patch
IBM has released patches to correct this problem. For AIX version 4.3.0, system administrators should apply APAR#IY07832.
This document was written by Cory F. Cohen.
|Date First Published:||2001-09-26|
|Date Last Updated:||2001-09-26 20:22 UTC|