• info
• discussion
• exploit
• solution
• references

IBM AIX Multiple Device Management Utilities Local Format String Vulnerability

Solution:
The vendor has released an advisory IBM-02-07-2005 to address this vulnerability. Fixes are not yet available, customers are advised to peruse the referenced advisory for further information pertaining to obtaining and applying an appropriate update.

The vendor has released an update to their original advisory. It has been reported that this issue affects the 'mkdev' and 'rmdev' utilities as well as the 'chdev' utilities. Please see the referenced updated advisory for more information.


IBM AIX 5.1

• IBM IY67455
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html


• IBM IY67654
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html


• IBM IY67741
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

IBM AIX 5.2

• IBM IY67455
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html


• IBM IY67654
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html


• IBM IY67741
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html

IBM AIX 5.3

• IBM IY67455
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html


• IBM IY67654
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html


• IBM IY67741
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html