SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (UNIX)  >   AIX Vendors:   IBM
IBM AIX lsmcode Bug Lets Local Users Gain Root Privileges
SecurityTracker Alert ID:  1016166
SecurityTracker URL:  http://securitytracker.com/id/1016166
CVE Reference:   CVE-2006-2647   (Links to External Site)
Updated:  Aug 25 2009
Original Entry Date:  May 27 2006
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.1, 5.2, 5.3
Description:   A vulnerability was reported in IBM AIX. A local user can obtain elevated privileges on the target system.

A local user can trigger a flaw in 'lsmcode' and execute arbitrary code on the target system with root level privileges.
Impact:   A local user can obtain root privileges on the target system.
Solution:   The vendor plans to issue the following fixes:

APAR number for AIX 5.1.0: IY85518 (available approx. 7/19/06)
APAR number for AIX 5.2.0: IY88524 (available approx. 8/23/06)
APAR number for AIX 5.3.0: IY85517 (available approx. 8/23/06)

The vendor plans to issue interm fixes "within the coming week," to be available at:

ftp://aix.software.ibm.com/
Vendor URL:  www.ibm.com/ (Links to External Site)
Cause:   Not specified
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Fri, 26 May 2006 20:45:49 -0400
Subject:  IBM AIX vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY


First Issued:  Fri May 26 15:45:51 CDT 2006

==========================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:      A vulnerability in lsmcode may allow local
                    users to execute arbitrary code with root
                    privileges.

PLATFORMS:          AIX 5.1, 5.2 and 5.3.

SOLUTION:           Apply the APAR, interim fix or workaround as
                    described below.

THREAT:             A local user may execute arbitrary code as root.

CERT VU Number:     n/a
CVE Number:         n/a
=========================================================================
                           DETAILED INFORMATION


I.  Description
===============

A vulnerability was discovered in the lsmcode command that may allow a 
local attacker to execute arbitrary code as the root user. The lsmcode
command is used to display microcode and firmware levels of system
adapters and devices.


lsmcode ships as part of the bos.diag.util fileset.


II. Impact
==========

A local user may execute arbitrary code as the root user.


III.  Solutions
===============

A. Official Fix

IBM provides the following fixes:


      APAR number for AIX 5.1.0:  IY85518 (available approx. 7/19/06)
      APAR number for AIX 5.2.0:  IY88524 (available approx. 8/23/06)
      APAR number for AIX 5.3.0:  IY85517 (available approx. 8/23/06)

NOTE: Affected customers are urged to upgrade to the latest applicable
Technology Level.

B. Interim Fix

Interm fixes will be available within the coming week. When available, the
ifixes can be downloaded via ftp from aix.software.ibm.com .



C. Workaround

Remove Non-Root Permissions
+----------------
To prevent non-root users from running the command 

# chmod 500 /usr/sbin/lsmcode

These permissions will only allow the root user to run lsmcode.


IV. Obtaining Fixes
===================

AIX Version 5 APARs can be downloaded from:

     http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

Security related Interim Fixes can be downloaded from:

     ftp://aix.software.ibm.com/aix/efixes/security


V.  Contact Information
=======================

If you would like to receive AIX Security Advisories via email, please
visit:

     http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd

Comments regarding the content of this announcement can be directed to:

     security-alert@austin.ibm.com

To request the PGP public key that can be used to communicate securely
with the AIX Security Team send email to security-alert@austin.ibm.com
with a subject of "get key". The key can also be downloaded from a PGP
Public Key Server. The key id is 0x9391C1F2.

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their respective
holders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (AIX)

iD8DBQFEd4FzofN/JhsU8pkRApkgAJwL0ST42A0IhFTzeKWaiiZr7/VxBACfbm+z
HZ+wnjrTmK84krE2qIG9oxk=
=5yUc
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC