|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
AIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the command lsfs is installed with the SUID bit and calls commands modified by an attacker. This flaw may lead to a loss of confidentiality and/or integrity.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Input Manipulation,
Other
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
The lsfs command uses relative path environment variables to locate the lslv and grep commands. By manipulating these environment variables to point to a trojaned binary, an attacker can cause the lsfs command to run arbitrary code. By default the lsfs command is installed with the setuid bit set. This allows the trojaned binary to be run with root privelages.
Note that the lsfs command is not always installed with SUID bit on the above versions.
|
|
Solution |
Apply APAR IY16909 patch or upgrade to AIX 5.1 as both have been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround:
Use the chmod -s command to remove the setuid bit from lsfs.
|
|
Products |
|
AIX
 |
4.3.3 |
4.3.0 |
4.3.1 |
4.3.2 |
|
|
|
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
