OSVDB ID: 7996

Title: IBM AIX libIM Library for NLS Multiple Vector Overflow

Info

Disclosure: Feb 12, 2003
Discovery: Unknown

Dates

Exploit: Feb 12, 2003
Solution: Feb 11, 2003

Description

A local overflow exists in the IBM AIX library libIM. The library functions fail to validate input passed through the input method's "im" parameter, resulting in a buffer overflow. With a specially crafted request to applications using this library, an attacker can cause execution of code, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade AIX by applying the following APARs or higher, as they have been reported to fix this vulnerability: AIX 4.3.3: APAR IY40307; AIX 5.1: APAR IY40317; AIX 5.2: APAR IY40320. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation

AIX

4.3.3
5.1
5.2

References

Credit

  • Euan Briggs - euan_briggsbtinternet.com


Direct URL: http://osvdb.org/7996