ISS X-Force Database: aix-lsfs-path(7007): IBM AIX "lsfs" trojaned grep/lslv

IBM AIX "lsfs" trojaned grep/lslv

aix-lsfs-path (7007)

High Risk

Description:

Lsfs could allow an attacker to execute arbitrary code by replacing the lslv or grep binaries with Trojan horse programs. The lsfs command uses the PATH environment variable to call the grep and lslv binaries. This allows an attacker to cause lsfs to execute the Trojan horse programs with elevated privileges.

Platforms Affected:

IBM, AIX 4.3

Remedy:

For IBM AIX 4.3:
Apply APAR IY16909 patch, available from the IBM Technical Support Web site. See References.

Consequences:

Gain Access

References:

IBM AIX APAR IY16909 APAR Notes, Re: New_AIXV4_Fixes at http://archives.neohapsis.com/archives/aix/2001-q2/0000.html. (From Neohapsis archive)
IBM AIX Commands Reference, Volume 3, lslv Command at http://as400bks.rochester.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds3/lslv.htm.
IBM AIX Commands Reference, Volume 3, lsfs Command at http://as400bks.rochester.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds3/lsfs.htm.
IBM Technical Support Web site, IY16909 - (AIXV43 only) security risk in lsfs at http://techsupport.services.ibm.com/cgi-bin/support/rs6000.support/fdget?fixdb=aix4&srchtype=apar&hits-menu=IY16909+-+%28AIXV43+only%29+security+risk+in+lsfs&aix_level=AIX+4.3.3&select_site=us&select_lang=ALL.
BID-6741: AIX lsfs Local Privilege Escalation Vulnerability
CVE-2001-0573: lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
OSVDB ID: 5582: AIX lsfs Environment Path Local Privilege Escalation
US-CERT VU#123651: IBM AIX lsfs utility invokes grep and lslv with relative pathnames

Reported:

Apr 03, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page