CERT-In Advisory CIAD-2007-60
Multiple Vulnerabilities in IBM AIX

Original issue date: November 19, 2007

Systems Affected

  • IBM AIX 5.2 version
  • IBM AIX 5.3 version

Overview

Multiple vulnerabilities have been reported in IBM AIX that may allow an attacker to execute arbitrary code and take complete control of the affected system.

Description

1. IBM AIX lqueryvg Local Privilege Escalation vulnerability (CVE-2007-4513)

This vulnerability resides in the parsing of the '-p' command-line option. The argument to this option is copied into a fixed-size stack buffer using the sprintf() function without validating its length, causing a stack-based buffer overflow.

An attacker could exploit this vulnerability to execute arbitrary code and take complete control of the affected system.
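
The unchecked sprintf() pattern described above, next to a bounded form that rejects over-long arguments, as an added example that is not IBM's code. The function names, the 64-byte buffer size and the "/dev/%s" format are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEV_BUF_LEN 64  /* assumed size; the advisory gives no figure */

/* Vulnerable pattern (hypothetical): the option argument is formatted
 * into a fixed-size stack buffer with no length check, so an argument
 * longer than the buffer writes past its end. */
int format_device_unchecked(const char *optarg_p)
{
    char dev[DEV_BUF_LEN];
    sprintf(dev, "/dev/%s", optarg_p);   /* no bound on optarg_p */
    return (int)strlen(dev);
}

/* Hardened form: snprintf() bounds the write, and its return value
 * (the length the full output would have had) is checked so that a
 * truncated name is rejected instead of silently used.
 * Returns the formatted length, or -1 if the argument does not fit. */
int format_device_checked(const char *optarg_p, char *out, size_t outlen)
{
    int n;

    if (optarg_p == NULL || out == NULL || outlen == 0)
        return -1;
    n = snprintf(out, outlen, "/dev/%s", optarg_p);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';                   /* leave no partial result */
        return -1;
    }
    return n;
}

int main(void)
{
    char dev[DEV_BUF_LEN];
    char long_arg[256];                  /* constructed over-long input */

    memset(long_arg, 'A', sizeof long_arg - 1);
    long_arg[sizeof long_arg - 1] = '\0';

    printf("short: %d\n", format_device_checked("hdisk0", dev, sizeof dev));
    printf("long:  %d\n", format_device_checked(long_arg, dev, sizeof dev));
    return 0;
}
```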

2. IBM AIX bellmail Local Privilege Escalation vulnerability (CVE-2007-4623)

A stack-based buffer overflow vulnerability has been reported in bellmail in IBM AIX 5.2 and 5.3 due to a boundary error in the sendrmt function. A local attacker could exploit the vulnerability to execute arbitrary code via a long parameter to the m command.

3. IBM AIX ftp Local Privilege Escalation vulnerability (CVE-2007-4217)

A stack-based buffer overflow vulnerability has been reported in ftp in IBM AIX 5.2 and 5.3 due to a boundary error in the domacro function. A local attacker could exploit the vulnerability to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.

4. Integer Underflow Vulnerability in dig dns_name_fromtext (CVE-2007-4622)

A vulnerability has been reported in the dig program of AIX due to an unspecified error in the handling of "dns_name_fromtext" in the "libdns_nonsecure.a" and "libdns_secure.a" libraries. A local attacker could exploit the vulnerability via a crafted "-y" (TSIG key) command-line argument to dig and execute arbitrary code with root privileges.

5. Buffer Overflow Vulnerability in crontab program (CVE-2007-4621)


A vulnerability has been reported in crontab via long command line arguments. A local attacker could exploit the vulnerability to compromise the system and execute arbitrary code.

Solution

Apply appropriate patches provided by the vendor:

ftp://aix.software.ibm.com/aix/efixes/security/lquerypv_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/bellmail_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/ftp_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/crontab_ifix.tar

Vendor Information

IBM
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=1

References

FrSIRT
http://www.frsirt.com/english/advisories/2007/3669

Secunia
http://secunia.com/cve_reference/CVE-2007-4513/
http://secunia.com/cve_reference/CVE-2007-4623/
http://secunia.com/cve_reference/CVE-2007-4217/
http://secunia.com/cve_reference/CVE-2007-4622/
http://secunia.com/cve_reference/CVE-2007-4621/

CVE-Name
CVE-2007-4513
CVE-2007-4623
CVE-2007-4217
CVE-2007-4622
CVE-2007-4621

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003