IBM Performance Tools Access Control Bug May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1005716 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 26 2002
|
Impact: Root access via local system, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): AIX 4.3.0, 5.1.0
|
Description: A vulnerability was reported in IBM performance tools for the AIX operating system. A local user may be able to gain elevated privileges on the system.
IBM reported that a vulnerability exists in the Virtual Memory Manager (VMM) performance tools for the AIX operating system. Code
that processes kernel extensions (kex) reportedly includes system calls that do not check for privileges before executing, potentially
allowing a local user to gain elevated privileges on the system.
|
Impact: A local user may be able to gain elevated privileges on the system.
|
Solution: IBM has issued APARs IY36422 (AIX 4.3.0) and IY35542 (AIX 5.1.0) to fix the vulnerability.
|
Vendor URL: techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA1244+STIY36422+USbin (Links to External Site)
|
Cause: Access control error
|
Underlying OS: UNIX (AIX)
|
Underlying OS: UNIX (AIX)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 26 Nov 2002 17:10:26 -0500
Subject: SECURITY: PERFVMMSTAT EXTENSION PRIVILEGE ERRORS
|
IBM warned of a vulnerability in Virtual Memory Manager (VMM) performance tools for the
AIX operating system. Code that processes kernel extensions (kex) reportedly includes
system calls that do not check for privileges before executing.
IBM has issued APARs IY36422 and IY35542 to fix the vulnerability.
---
Abstract: IY36422: SECURITY: PERFVMMSTAT EXTENSION PRIVILEGE ERRORS
Date 02/11/22 Database: Closed AIX 43 APARs
hit Abstract: IY35542: SECURITY: PERFVMMSTAT EXTENSION PRIVILEGE ERRORS
Date 02/11/07 Database: Closed AIX 5L APARs
|
|
