Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 IBM AIX chcod Lets Certain Local Users Execute Arbitrary Code With Privileges
Categorie: Vulnerability
Posted: 2004-12-23 by ReCall
Views: 408
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: iDEFENSE reported a vulnerability in IBM AIX in the 'chcod' command. A local user with certain privileges can gain root privileges.

It is reported that a local user with 'system' group privileges can set the PATH variable to point to a specially crafted 'grep' application and then invoke '/usr/sbin/chcod' to cause the alternate 'grep' application to be executed with root privileges.

The vendor was notified on November 2, 2004.

iDEFENSE Labs discovered this flaw.

The original advisory is available at:

http://www.idefense.com/application/poi/displ ay?id=170&type=vulnerabilities

Impact: A local user with system group privileges can gain root user privileges on the target system.

Solution: IBM has issued the following fixes:

APAR number for AIX 5.1.0: IY64356 (available)
APAR number for AIX 5.2.0: IY64355 (available)
APAR number for AIX 5.3.0: IY64354 (available)
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1249

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES