Info

Disclosure

Feb 01, 1994

Discovery

Unknown

Dates

Exploit

Feb 01, 1994

Solution

Unknown

Description

AIX Performance Tools contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the 'tprof' utility is run with the '-x' parameter. Command arguments supplied to this parameter are run with the same privileges as 'tprof' (SUID root by default), allowing arbitrary privileged command execution.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Products

International Business Machines Corporation	AIX	3.2.4
		3.2.5

References

Related OSVDB ID: 17072 17073 17074 17075 17076 17077 17078 17079 17080 17081 7986
CVE ID: 1999-0338 (see also: NVD)
ISS X-Force ID: 504
Keyword: APAR IX42332 bosext1.extcmds.obj Licensed Program Product PTF U420020 U422510
CERT: CA-1994-03
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_2/0269.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0270.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/17082

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit