Info

Disclosure

Apr 30, 2002

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in IBM AIX. The mail/mailx command fails to validate input resulting in a possible buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution. The mail/mailx utility is not SUID and thus does not result in privilege escalation nor loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Impact Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Myth / Fake

Solution

Upgrade to version 4.3.3 (APAR IY29516), 5.1.0 (APAR IY28170) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation	AIX	4.3.3
		5.1.0

References

CVE ID: 2002-0743 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY28170
http://www-1.ibm.com/support/docview.wss?uid=isg1IY29516
Keyword: IY30431

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8005

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit