FrSIRT - IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities

Title : IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-0261
CVE ID : CVE-2007-5764 - CVE-2008-0584 - CVE-2008-0585 - CVE-2008-0586 - CVE-2008-0587 - CVE-2008-0588 - CVE-2008-0589
Rated as : Moderate Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-01-24

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by malicious users to bypass security restrictions, disclose sensitive information or obtain elevated privileges.

The first issue is caused by buffer overflow errors in the swap, swapoff, swapon, lchangevg, ldeletepv, putlvodm, lvaryoffvg, lvgenminor, tellclvmd, utape, and uspchrp commands, which could be exploited by a local attacker (member of the "system" group) to execute arbitrary code with root privileges.

The second vulnerability is caused by a buffer overflow error in the "pioout" command, which could be exploited by malicious users to execute arbitrary code with root privileges.

The third issue is caused due to insecure permissions being set on various files installed by the Web-based System Manager (WebSM) Remote Client for Linux, which could be exploited by a non-privileged local user to write arbitrary data to the affected files.

The fourth vulnerability is caused by an unspecified error in the "ps" command when displaying current status of processes, which could be exploited by a non-privileged user to access sensitive data for arbitrary processes.

Credits

Vulnerabilities reported by the vendor, Andrea (bunker) Purificato, and iDefense Labs.

ChangeLog

2008-01-24 : Initial release
2008-01-25 : Updated References

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Microsoft Windows Kernel Local Integer Overflow Vulnerability
	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities