IBM Parallel Environment for AIX privilege escalation

ibm-pe-gain-privileges (16093) The risk level is classified as HighHigh Risk

Description:

IBM Parallel Environment for AIX (PE) could allow a local attacker to gain elevated privileges on the system, caused by a vulnerability in the Network Table and Switch Table sample code. A local attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.


Consequences:

Gain Privileges

Remedy:

For PE 3.2:
Apply APAR IY56382, when it becomes available, as listed in IBM Security Advisory dated Thu Apr 22 15:17:51 CDT 2004. See References.

For PE 4.1:
Apply APAR IY56383, as listed in IBM Security Advisory dated Thu Apr 22 15:17:51 CDT 2004. See References.

References:

  • IBM Security Advisory Thu Apr 22 15:17:51 CDT 2004: Potential vulnerability in Network Table and Switch Table manipulation code.
  • BID-10310: IBM Parallel Environment Network Table API Sample Code Undisclosed Command Execution Vulnerability
  • CVE-2004-2270: Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.
  • OSVDB ID: 6008: IBM Parallel Environment Arbitrary Code Execution
  • SA11580: IBM Parallel Environment Sample Code Privilege Escalation Vulnerability
  • SECTRACK ID: 1010109: IBM Parallel Environment Sample Code Lets Local Users Execute Arbitrary Commands With Root Privileges

Platforms Affected:

  • IBM Parallel Environment 3.2
  • IBM Parallel Environment 4.1

Reported:

May 10, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page