SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   IBM AIX Vendors:   IBM
IBM AIX pioinit Lets Local Users Replace a File to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1018468
SecurityTracker URL:  http://securitytracker.com/id/1018468
CVE Reference:   CVE-2007-4238   (Links to External Site)
Updated:  Apr 24 2008
Original Entry Date:  Jul 27 2007
Impact:   Execution of arbitrary code via local system, Modification of system information, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.2, 5.3
Description:   A vulnerability was reported in IBM AIX. A local user can obtain root privileges on the target system.

A local user with 'bin' user group privileges can install an alternate pioinit file. Then, when the script is run by the system, arbitrary code in the file will be executed with root privileges.

The vendor discovered this vulnerability.
Impact:   A local user can obtain root privileges on the target system.
Solution:   The vendor has issued the following fixes.

For 5.2.0: IY79785
For 5.3.0: IY79786

An interim fix is also available at:

ftp://aix.software.ibm.com/aix/efixes/security/pioinit_ifix.tar.Z
Vendor URL:  www.ibm.com/ (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC