IBM AIX man privilege escalation
| ibm-aix-man-privilege-escalation (41067) |  High Risk |
Description:
IBM AIX could allow a local attacker to gain elevated privileges on the system, caused by the improper invoking of binaries without a full pathname by the "man" utility. By placing a malicious program in the pathname of the "man" utility, a local attacker could execute arbitrary code with the privileges of the victim, once the "man" utility is executed.
Platforms Affected:
- IBM, AIX 6.1
Remedy:
Refer to IBM APAR IZ17177 for patch, upgrade or suggested workaround information. See References.
Consequences:
Gain Privileges
References:
- IBM APAR IZ17177, /USR/BIN/MAN NOT USING FULL PATH BINARIES at http://www-1.ibm.com/support/docview.wss?uid=isg1IZ17177.
- BID-28180: IBM AIX 'man' Local Privilege Escalation Vulnerability
- CVE-2008-1274: Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.
- FrSIRT/ADV-2008-0805: IBM AIX man Untrusted Binaries Path Privilege Escalation Vulnerability
- SA29301: AIX "man" Insecure Program Execution Vulnerability
- SECTRACK ID: 1019572: IBM AIX 'man' Utility May Let Local Users Gain Elevated Privileges
Reported:
Mar 07, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net