A local overflow exists in IBM AIX. The nslookup utility fails to validate input, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code, but not with escalated privileges. Impact is low risk.
Classification
Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Impact Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
Solution
Upgrade AIX using the following APAR numbers or higher, as this has been reported to fix the vulnerability: AIX 4.3.3: IY40519, AIX 5.1: IY39985, and AIX 5.2: IY39992. An upgrade is required, as there are no known workarounds.