IBM AIX aixterm libIM library buffer overflow
| aix-aixterm-libim-bo (11309) |  High Risk |
Description:
IBM AIX could allow a local attacker to gain root privileges on the system. By passing an overly long string to the /usr/lpp/X11/bin/aixterm binary using the -lm command line argument, a local attacker could overflow a buffer in the libIM library, which would cause the aixterm binary to crash and allow the attacker to execute arbitrary code on the system with root privileges.
Consequences:
Gain Privileges
Remedy:
Apply the appropriate APAR patch for your system, as listed below, available from the AIX Fix Distribution Service. See References.
AIX 4.3.3: IY40307
AIX 5.1.0: IY40317
AIX 5.2.0: IY40320
References:
- BugTraq Mailing List, Mon Feb 17 2003 - 01:00:23 CST: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX.
- IBM Technical Support Web site: AIX Fix Distribution Service.
- iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a.
- BID-6840: IBM AIX libIM Buffer Overflow Vulnerability
- CVE-2003-0087: Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.
- OSVDB ID: 7996: AIX libIM Library for NLS Multiple Vector Overflow
Platforms Affected:
- IBM AIX 4.3.3
- IBM AIX 5.1
- IBM AIX 5.2
Reported:
Feb 12, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net