---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: IBM AIX Multiple Vulnerabilities SECUNIA ADVISORY ID: SA29349 VERIFY ADVISORY: http://secunia.com/advisories/29349/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS WHERE: Local system OPERATING SYSTEM: AIX 5.x http://secunia.com/product/213/ AIX 6.x http://secunia.com/product/16995/ DESCRIPTION: Some vulnerabilities are reported in IBM AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or to gain escalated privileges. 1) The problem is that a 64-bit process, which is restarted via the checkpoint and restart feature, gains read and write access to certain areas of kernel memory. This can be exploited to execute arbitrary code. 2) An unspecified error can be exploited to crash remote nodes of a concurrent volume group, when a single node reduces the size of a JFS2 filesystem residing on the concurrent volume group. 3) The problem is that the proc filesystem does not enforce directory access controls correctly when the permission on a directory is more restrictive than permission on the currently-executing file in that directory. 4) Unspecified errors in some WPAR specific system calls can potentially be exploited to cause a DoS. 5) An unspecified error can be exploited by a user with privileges to run "ProbeVue" to disclose arbitrary kernel memory. 6) An unspecified error when handling environment variables within the "atmstat", "entstat", "fddistat", "hdlcstat", and "tokstat" commands of the "nddstat" family can be exploited to execute arbitrary code with root privileges. 7) An unspecified error when handling environment variables within the "lsmcode" command can be exploited to execute arbitrary code with root privileges. The vulnerabilities are reported in AIX 5.2, 5.3, and 6.1. SOLUTION: Apply interim fixes or APARs as soon as they become available. ftp://aix.software.ibm.com/aix/efixes/security/kernel_fix.tar -- APARs -- AIX 5.2.0: Apply the following APARs. * IZ16992 * IZ16991 * IZ15276 AIX 5.3.0: Apply the following APARs: * IZ17111 (available approximately 3/17/2008) * IZ17058 (available approximately 3/17/2008) * IZ15100 AIX 5.3.7: Apply the following APARs: * IZ11820 (available approximately 3/17/2008) * IZ17059 (available approximately 3/17/2008) * IZ15057 AIX 6.1.0: Apply the following APARs: * IZ12794 * IZ16975 * IZ15277 ORIGINAL ADVISORY: IBM: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4159 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4160 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4161 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------