IBM AIX utilities multiple security vulnerabilities
Published:		27.07.2007
Source:		BUGTRAQ
SecurityVulns ID:		7983
Type:		remote
Level:		6/10
Description:		Multiple suid root ftp client buffer overflow, dynamic library loading via -R command line argument in pioout, buffer overflow with terminal control sequences in capture.

Affected:		IBM : AIX 5.3
CVE:		CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.)
		CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.)
		CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.)

Original document		IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities (27.07.2007)
		IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability (27.07.2007)
		IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability (27.07.2007)

Discuss:

Read or add your comments to this news (0 comments)