A local overflow exists in IBM AIX. The program uuq fails to validate the -r parameter resulting in a buffer overflow. With a specially crafted request, an attacker can probably cause execution of arbitrary code as user uucp resulting in a loss of confidentiality and/or integrity.
Classification
Location:
Local Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
Solution
Upgrade AIX using the APAR numbers AIX 4.3: IY23401 and AIX 5.1: IY24231 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
