CERT-In Advisory
CIAD-2007-0060
Multiple Vulnerabilities in IBM AIX
Original Issue Date: November 19, 2007
Severity Rating: High
Systems Affected
- IBM AIX 5.2 version
- IBM AIX 5.3 version
Overview
Multiple vulnerabilities have been reported in IBM AIX which may allow an attacker to execute arbitrary code to take complete control of the affected system.
Description
1. IBM AIX Iqueryvg Local Privilege Escalation vulnerability (CVE-2007-4513)
This vulnerability resides in the parsing of the '-p' command line option. The argument to this option is copied into a fixed-size stack buffer using the sprintf function without validating its length, causing a stack-based buffer overflow. An attacker could exploit this vulnerability to execute arbitrary code and take complete control of the affected system.
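The unchecked sprintf pattern described in item 1, next to a bounded version, as an added example (not IBM's code and not part of the original advisory). The function names, the 64-byte buffer size and the "/dev/%s" format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64            /* assumed size; the advisory gives no figure */
#define PATH_FMT "/dev/%s"     /* assumed format string, for illustration */

/* Unsafe pattern from the advisory: the argument length is never checked,
 * so a long value writes past the end of the stack buffer. */
int handle_p_unsafe(const char *arg)
{
    char path[PATH_BUF];
    sprintf(path, PATH_FMT, arg);
    return (int)strlen(path);
}

/* Bounded version: snprintf never writes more than outlen bytes, and a
 * result that would not fit is rejected instead of silently truncated. */
int build_path_checked(char *out, size_t outlen, const char *arg)
{
    if (out == NULL || outlen == 0 || arg == NULL)
        return -1;
    int n = snprintf(out, outlen, PATH_FMT, arg);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return n;                  /* length of the formatted path */
}

/* Hypothetical option handler using the same fixed-size stack buffer. */
int handle_p_option(const char *arg)
{
    char path[PATH_BUF];
    if (build_path_checked(path, sizeof path, arg) < 0) {
        fprintf(stderr, "error: -p argument too long or missing\n");
        return 1;
    }
    printf("querying %s\n", path);
    return 0;
}

int main(int argc, char **argv)
{
    return handle_p_option(argc > 1 ? argv[1] : "hdisk0");
}
```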
2. IBM AIX bellmail Local Privilege Escalation vulnerability (CVE-2007-4623)
A stack-based buffer overflow vulnerability has been reported in bellmail in IBM AIX 5.2 and 5.3 due to a boundary error in the sendrmt function. A local attacker could exploit the vulnerability to execute arbitrary code via a long parameter to the m command.
3. IBM AIX ftp Local Privilege Escalation vulnerability (CVE-2007-4217)
A stack-based buffer overflow vulnerability has been reported in ftp in IBM AIX 5.2 and 5.3 due to a boundary error in the domacro function. A local attacker could exploit the vulnerability to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
4. Integer Underflow Vulnerability in dig ns_name_fromtext (CVE-2007-4622)
A vulnerability has been reported in the dig program of AIX due to an unspecified error in the handling of "dns_name_fromtext" in the libdns_nonsecure.a and libdns_secure.a libraries. A local attacker could exploit the vulnerability via a crafted "-y" TSIG key command line argument to dig and execute arbitrary code with root privileges.
5. Buffer Overflow Vulnerability in crontab program (CVE-2007-4621)
A vulnerability has been reported in crontab via long command line arguments. A local attacker could exploit the vulnerability to compromise the system and execute arbitrary code.
Solution
Apply appropriate patches provided by the vendor:
ftp://aix.software.ibm.com/aix/efixes/security/lquerypv_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/bellmail_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/ftp_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/crontab_ifix.tar
Vendor Information
IBM
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=1
References
Frsirt
http://www.frsirt.com/english/advisories/2007/3669
Secunia
http://secunia.com/cve_reference/CVE-2007-4513/
http://secunia.com/cve_reference/CVE-2007-4623/
http://secunia.com/cve_reference/CVE-2007-4217/
http://secunia.com/cve_reference/CVE-2007-4621/
CVE Name
CVE-2007-4513
CVE-2007-4623
CVE-2007-4217
CVE-2007-4622
CVE-2007-4621
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India