Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (UNIX)  >   Rcp Vendors:   IBM
IBM AIX rcp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1008258
SecurityTracker URL:
CVE Reference:   CVE-2003-0954   (Links to External Site)
Updated:  Jul 6 2008
Original Entry Date:  Nov 20 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): AIX 4.3.3, 5.1 and 5.2
Description:   A buffer overflow vulnerability was reported in the rcp command on IBM's AIX operating system. A local user can obtain root privileges on the system.

It is reported that a local user may be able execute arbitrary code wtih root privileges.

IBM notes that the flaw was discovered during an internal review.

No further details were provided.

Impact:   A local user may be able to gain root privileges.
Solution:   IBM has issued the following fixes:

APAR number for AIX 4.3.3: IY48272 (available)
APAR number for AIX 5.1.0: IY48747 (available)
APAR number for AIX 5.2.0: IY49238 (available)

Vendor URL: (Links to External Site)
Cause:   Boundary error

Message History:   None.

 Source Message Contents


Hash: SHA1


First Issued: Fri Nov 14 16:17:32 CST 2003

                            VULNERABILITY SUMMARY

VULNERABILITY:      Buffer overflow in rcp command.

PLATFORMS:          AIX 4.3.3, 5.1 and 5.2.

SOLUTION:           Apply the APARs as described below.

THREAT:             A local attacker can exploit this buffer overflow
                     to gain root privileges.

CERT VU Number:     n/a
CVE Number:         CAN-2003-0954
                            DETAILED INFORMATION

I.  Description
The rcp command is used to copy files between a local and remote host,
between two remote hosts or from one file on a remote host to another file
on that same remote host. A buffer overflow condition has been found that
may allow a local attacker to gain root privileges.

This issue was discovered internally. At this time there are no known

II. Impact
A local attacker may gain root privileges.

This vulnerability is not remotely exploitable.

III.  Solutions

A. Official Fix
IBM provides the following fixes:

       APAR number for AIX 4.3.3: IY48272 (available)
       APAR number for AIX 5.1.0: IY48747 (available)
       APAR number for AIX 5.2.0: IY49238 (available)

NOTE: Affected customers are urged to upgrade to 4.3.3, 5.1.0 or 5.2.0 at
the latest maintenance level.

IV. Obtaining Fixes

AIX Version 4.3.3 and Version 5 APARs can be downloaded from the eServer
pSeries Support web site:

V.  Contact Information
If you would like to receive AIX Security Advisories via email, please visit:

Comments regarding the content of this announcement can be directed to:

To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to
with a subject of "get key".

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.

Version: GnuPG v1.2.1 (MingW32)



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC