Info

Disclosure

Apr 30, 2002

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in IBM AIX. The uucp command fails to validate input file string parameters (-s parameter) resulting in a buffer overflow. With a specially crafted request longer than BUFSIZ, an attacker can cause segmentation faults resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.3.3 (APAR IY29519), 5.1.0 (APAR IY28158) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation	AIX	4.3.3
		5.1.0

References

ISS X-Force ID: 11252
CVE ID: 2002-0745 (see also: NVD)
Related OSVDB ID: 8755
Mail List Post: http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
Other Advisory URL: http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY28158
http://www-1.ibm.com/support/docview.wss?uid=isg1IY29518
http://www-1.ibm.com/support/docview.wss?uid=isg1IY29519

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8003

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit