IBM AIX aixterm libIM library buffer overflow

aix-aixterm-libim-bo (11309)

High Risk

Description:

IBM AIX could allow a local attacker to gain root privileges on the system. By passing an overly long string to the /usr/lpp/X11/bin/aixterm binary using the -lm command line argument, a local attacker could overflow a buffer in the libIM library, which would cause the aixterm binary to crash and allow the attacker to execute arbitrary code on the system with root privileges.

Platforms Affected:

• IBM, AIX 4.3.3
• IBM, AIX 5.1
• IBM, AIX 5.2

Remedy:

Apply the appropriate APAR patch for your system, as listed below, available from the AIX Fix Distribution Service. See References.

AIX 4.3.3: IY40307
AIX 5.1.0: IY40317
AIX 5.2.0: IY40320

Consequences:

Gain Privileges

References:

• BugTraq Mailing List, Mon Feb 17 2003 - 01:00:23 CST, /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX at http://archives.neohapsis.com/archives/bugtraq/2003-02/0199.html.
• IBM Technical Support Web site, AIX Fix Distribution Service at http://www-03.ibm.com/servers/eserver/support/aix/downloading.html.
• iDEFENSE Security Advisory 02.12.03, Buffer Overflow in AIX libIM.a at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=18.
• BID-6840: IBM AIX libIM Buffer Overflow Vulnerability
• CVE-2003-0087: Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.
• OSVDB ID: 7996: AIX libIM Library for NLS Multiple Vector Overflow

Reported:

Feb 12, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page