Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by local attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or obtain elevated privileges.
The first issue is caused by an error when restarting a 64-bit process via the checkpoint, which could cause the restart feature to gain read and write access to certain areas of kernel memory, resulting in execution of arbitrary code.
The second vulnerability is caused by an error when a single node reduces the size of a JFS2 filesystem residing on a concurrent volume group, which could cause remote nodes of the concurrent volume group to crash, resulting in a denial of service.
The third vulnerability is caused by an error in the proc filesystem that does not enforce directory access controls correctly when the permission on a directory is more restrictive than permission on the currently executing file in that directory, which could be exploited to gain knowledge of sensitive information.
The fourth issue is caused by an error in Trusted Execution that fails to protect files when the modifications are made via hard links, which could be exploited by malicious users to manipulate certain data.
The fifth vulnerability is caused by unspecified errors in certain WPAR specific system calls, which could cause a denial of service.
The sixth issue is caused by an error when running ProbeVue, which could be exploited by authorized users to read from any kernel memory address.
The seventh vulnerability is caused by errors in the nddstat family of commands ("/usr/sbin/atmstat", "/usr/sbin/entstat", "/usr/sbin/fddistat","/usr/sbin/hdlcstat" and "/usr/sbin/tokstat") when handling environment variables, which could be exploited by local attackers to execute arbitrary code with "root" privileges".
The eighth issue is caused by an error in the "/usr/sbin/lsmcode" command when handling environment variables, which could be exploited by local attackers to execute arbitrary code with "root" privileges".
The ninth vulnerability is caused by a buffer overflow error in the "/usr/sbin/reboot" command when processing malformed arguments, which could allow a local attacker in the shutdown group to execute arbitrary code with "root" privileges.
Credits
Vulnerabilities reported by the vendor.
ChangeLog
2008-03-12 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
