TITLE:
IBM AIX Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26715

VERIFY ADVISORY:
http://secunia.com/advisories/26715/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, DoS, Manipulation of data

WHERE:
Local system

REVISION:
2.0 originally posted 2007-09-06

OPERATING SYSTEM:
AIX 5.x
http://secunia.com/product/213/

DESCRIPTION:
Multiple vulnerabilities have been reported in IBM AIX, which can be
exploited by malicious, local users to delete certain system files,
cause a DoS (Denial of Service), or gain escalated privileges.

1) Boundary errors within fcstat, ibstat, mkpath, svprint, swcons,
uucp UNIX-to-UNIX Copy, and xlplm commands can be exploited to cause
buffer overflows.

Successful exploitation allows execution of arbitrary code with root
privileges.

2) User privileges are not being checked by the perfstat system call
in perfstat kernel extension for SET operations and can be exploited
to e.g. cause the system to hang.

3) An input validation error in the invscout command can be exploited
to e.g. delete certain system files.

SOLUTION:
Apply interim fixes or APARs as soon as they become available:

ftp://aix.software.ibm.com/aix/efixes/security/svprint_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/swcons_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/xlplm_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/invscout_ifix.tar.Z

AIX 5.2.0:
APAR IY94739
APAR IY91132
APAR IZ02717 (available approximately 10/31/2007)
APAR IY98819 (available approximately 10/31/2007)
APAR IY97215
APAR IZ00997 (available approximately 10/31/2007)
APAR IY98506 (available approximately 11/27/2007)

AIX 5.3.0:
APAR IY94761
APAR IY97233
APAR IY91145
APAR IY97309
APAR IZ02718 (available approximately 11/27/2007)
APAR IY98804 (available approximately 11/27/2007)
APAR IY95852
APAR IZ00997 (available approximately 11/27/2007)
APAR IY98506 (available approximately 11/27/2007)

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

CHANGELOG:
2007-09-06: Updated advisory based on additional information from
IBM. Added vulnerability #3 and additional link.

ORIGINAL ADVISORY:
IBM:
ftp://aix.software.ibm.com/aix/efixes/security/README
http://www-1.ibm.com/support/docview.wss?uid=isg1IY94739
http://www-1.ibm.com/support/docview.wss?uid=isg1IY94761
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97233
http://www-1.ibm.com/support/docview.wss?uid=isg1IY91132
http://www-1.ibm.com/support/docview.wss?uid=isg1IY91145
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97309
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ02717
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ02718
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98819
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98804
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97215
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95852
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98506
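
One way to audit a host against the APAR lists in the SOLUTION section; this is an added example, not part of the Secunia advisory or IBM's fixes. The function names and the `INSTFIX` override are hypothetical, and matching on the "All filesets for ... were found." line of `instfix -ik` output is an assumption about that command's report format.

```shell
#!/bin/sh
# Added example. APAR lists are copied from the SOLUTION section of the advisory;
# several were not yet released when it was published (see the dates there).
APARS_52="IY94739 IY91132 IZ02717 IY98819 IY97215 IZ00997 IY98506"
APARS_53="IY94761 IY97233 IY91145 IY97309 IZ02718 IY98804 IY95852 IZ00997 IY98506"

# Hypothetical override so the logic can be exercised off-AIX with a stand-in.
: "${INSTFIX:=instfix}"

# Map an oslevel string (e.g. 5.3.0.0) to the advisory's APAR list.
apars_for_level() {
    case "$1" in
        5.2.*) echo "$APARS_52" ;;
        5.3.*) echo "$APARS_53" ;;
        *)     return 1 ;;
    esac
}

# Print the APARs that are not fully installed.
# Returns 0 = none missing, 1 = some missing, 2 = level not covered by the advisory.
missing_apars() {
    list=$(apars_for_level "$1") || return 2
    missing=""
    for apar in $list; do
        # Assumption: instfix -ik reports "All filesets for <APAR> were found."
        # only when every fileset of the fix is installed.
        if ! "$INSTFIX" -ik "$apar" 2>/dev/null | grep -q "All filesets for $apar "; then
            missing="$missing $apar"
        fi
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Run the check only where oslevel exists (i.e. on AIX).
if command -v oslevel >/dev/null 2>&1; then
    level=$(oslevel)
    if out=$(missing_apars "$level"); then
        echo "AIX $level: all advisory APARs installed"
    else
        echo "AIX $level: missing APARs: ${out:-none listed for this level}"
    fi
fi
```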