Computer Security


IBM AIX utilities multiple security vulnerabilities
Published: 27.07.2007
Source:
SecurityVulns ID: 7983
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows in the suid root ftp client, dynamic library loading via the -R command line argument in pioout, and a buffer overflow triggered by terminal control sequences in capture.
Affected: IBM : AIX 5.3
CVE: CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.)
 CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.)
 CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.)
Original document: IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities (27.07.2007)
 IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability (27.07.2007)
 IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability (27.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod