SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Rcp Vendors:   IBM
IBM AIX rcp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1008258
SecurityTracker URL:  http://securitytracker.com/id/1008258
CVE Reference:   CVE-2003-0954   (Links to External Site)
Updated:  Jul 6 2008
Original Entry Date:  Nov 20 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): AIX 4.3.3, 5.1 and 5.2
Description:   A buffer overflow vulnerability was reported in the rcp command on IBM's AIX operating system. A local user can obtain root privileges on the system.

It is reported that a local user may be able execute arbitrary code wtih root privileges.

IBM notes that the flaw was discovered during an internal review.

No further details were provided.

Impact:   A local user may be able to gain root privileges.
Solution:   IBM has issued the following fixes:

APAR number for AIX 4.3.3: IY48272 (available)
APAR number for AIX 5.1.0: IY48747 (available)
APAR number for AIX 5.2.0: IY49238 (available)

Vendor URL:  www.ibm.com/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  IBM SECURITY ADVISORY


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Fri Nov 14 16:17:32 CST 2003

===========================================================================
                            VULNERABILITY SUMMARY

VULNERABILITY:      Buffer overflow in rcp command.

PLATFORMS:          AIX 4.3.3, 5.1 and 5.2.

SOLUTION:           Apply the APARs as described below.

THREAT:             A local attacker can exploit this buffer overflow
                     to gain root privileges.

CERT VU Number:     n/a
CVE Number:         CAN-2003-0954
===========================================================================
                            DETAILED INFORMATION


I.  Description
===============
The rcp command is used to copy files between a local and remote host,
between two remote hosts or from one file on a remote host to another file
on that same remote host. A buffer overflow condition has been found that
may allow a local attacker to gain root privileges.

This issue was discovered internally. At this time there are no known
exploits.


II. Impact
==========
A local attacker may gain root privileges.

This vulnerability is not remotely exploitable.


III.  Solutions
===============

A. Official Fix
IBM provides the following fixes:

       APAR number for AIX 4.3.3: IY48272 (available)
       APAR number for AIX 5.1.0: IY48747 (available)
       APAR number for AIX 5.2.0: IY49238 (available)

NOTE: Affected customers are urged to upgrade to 4.3.3, 5.1.0 or 5.2.0 at
the latest maintenance level.


IV. Obtaining Fixes
===================

AIX Version 4.3.3 and Version 5 APARs can be downloaded from the eServer
pSeries Support web site:

      https://techsupport.services.ibm.com/server/aix.fdc

V.  Contact Information
========================
If you would like to receive AIX Security Advisories via email, please visit:
      https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs.

Comments regarding the content of this announcement can be directed to:

      security-alert@austin.ibm.com

To request the PGP public key that can be used to encrypt new AIX
security vulnerabilities, send email to security-alert@austin.ibm.com
with a subject of "get key".

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE/u5bVcnMXzUg7txIRAtKUAKCcr6do0s9MBCV3Ykp7OKFXJ3qElwCfbWYm
3Uf9m8Ee6Y2LE8r7JOqIB58=
=dgMk
-----END PGP SIGNATURE-----


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC