Info

Disclosure

Feb 21, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IBM AIX contains a flaw that may allow a malicious user to modify user accounts. The issue is triggered when a specially crafted LDAP request is sent to the secldapclntd daemon. It is possible that the flaw may allow modification of user accounts resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade AIX using the APAR numbers AIX 4.3.3: IY40510, AIX 5.1.0: IY40228 and AIX 5.2.0: IY40517 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation	AIX	4.3.3
		5.1
		5.2

References

ISS X-Force ID: 11452
CVE ID: 2003-0119 (see also: NVD)
CERT VU: 624713
Bugtraq ID: 7264
Vendor Specific Advisory URL: http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.0245.2
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY40157
http://www-1.ibm.com/support/docview.wss?uid=isg1IY40228
http://www-1.ibm.com/support/docview.wss?uid=isg1IY40510

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/7995

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit