Info

Disclosure

Aug 28, 2001

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IBM AIX contains a flaw related to the lsmcode command that may allow an attacker to overflow a buffer by providing malicious input and it might result in privilege escalation. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Impact Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.3.3 (APAR IY22255), 5.1.0 (APAR IY22266) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation	AIX	4.3.3
		5.1.0

References

CVE ID: 2001-1061 (see also: NVD)
ISS X-Force ID: 8714
Mail List Post: http://archives.neohapsis.com/archives/aix/2001-q3/0003.html
Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY22255
http://www-1.ibm.com/support/docview.wss?uid=isg1IY22266

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8012

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit