Info

Disclosure

Oct 30, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private, Exploit Commercial
Disclosure: Vendor Verified

Solution

IBM has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: Removing the set-uid bit from the binary will prevent exploitation, but may make the program unusable by non-root users.

Products

Unknown or Incomplete

References

Security Tracker: 1018871
CVE ID: 2007-4513 (see also: NVD)
Bugtraq ID: 26256 26259
Secunia Advisory ID: 27437
SCIP VulDB ID: 3421
ISS X-Force ID: 38165
Related OSVDB ID: 40393 40394 40395 40396 40397 40398 40399 40400 40401 40402 40403 40404 40405 40407
VUPEN Advisory: ADV-2007-3669
Vendor Specific News/Changelog Entry: ftp://aix.software.ibm.com/aix/efixes/security/lqueryvg_ifix.tar http://www-1.ibm.com/support/docview.wss?uid=isg1IZ05129
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ05200
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ05349
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ05877
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ05971
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-10/0437.html
Generic Exploit URL: http://immunitysec.com
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=615

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/40406