AIX cdmount Insecure External Program Call Vulnerability

A vulnerability exist in the cdmount program, shipped by IBM as part of AIX. Any AIX system which ships with the LPP UMS.objects 2.3.0.0 and below is vulnerable. cdmount is installed setuid root. It performs a system() call to execute the mount program with arguments provided by the user. By supplying shell metacharacters as arguments to cdmount, it is possible to execute commands with root privilege.


 

Privacy Statement
Copyright 2010, SecurityFocus