AIX "man" Insecure Program Execution Vulnerability
Written by Marcelo Almeida (Vympel)   
Monday, 10 March 2008
A vulnerability has been reported in AIX, which can be exploited by malicious, local users to gain escalated privileges.

The problem is that "man" invokes other binaries without full pathnames. This may be exploited to execute arbitrary code with the privileges of a user running "man" by placing a malicious program in the path...
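
Whether a host is exposed to this class of problem depends on the search path handed to "man", so one useful check is to audit that path for entries a local user can influence. The script below is an added example, not part of the advisory or of IBM's fix; the function names `risky_path_entries` and `first_match` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a search path for entries that
# let a bare command name resolve outside trusted system directories.

# risky_path_entries PATH_STRING
# Prints "REASON<TAB>ENTRY" for each entry that is relative (including empty,
# which means the current directory), missing, or writable by group/other.
# The body is a subshell so the IFS and noglob changes do not leak.
risky_path_entries() (
    path=$1
    case $path in *:) path=$path. ;; esac   # trailing ":" is an empty entry
    set -f; IFS=:
    for d in $path; do
        [ -n "$d" ] || d=.
        case $d in
            /*) ;;
            *) printf 'relative\t%s\n' "$d"; continue ;;
        esac
        if [ ! -d "$d" ]; then
            printf 'missing\t%s\n' "$d"; continue
        fi
        perms=$(ls -ldL "$d" | cut -c1-10)
        case $perms in
            ?????w*|????????w*) printf 'writable\t%s\n' "$d" ;;
        esac
    done
)

# first_match CMD PATH_STRING
# Prints the file a bare CMD would resolve to; exit status 1 if none.
first_match() (
    cmd=$1 path=$2
    case $path in *:) path=$path. ;; esac
    set -f; IFS=:
    for d in $path; do
        [ -n "$d" ] || d=.
        if [ -f "$d/$cmd" ] && [ -x "$d/$cmd" ]; then
            printf '%s\n' "$d/$cmd"; exit 0
        fi
    done
    exit 1
)

# Stand-alone use: audit the PATH of the current session.
risky_path_entries "$PATH"
```

Any entry reported ahead of the system directories is a place where a program that calls helpers by bare name can pick up the wrong file; `first_match` shows which file wins for a given name.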

Solution:
Apply APAR.

AIX 6.1.0:
Apply APAR IZ17177.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ17177
http://secunia.com/advisories/29301/
