AIX digest Buffer Overflow Vulnerability

AIX is a version of the UNIX Operating System distributed by IBM. A vulnerability exists in the operating system which could allow a user an elevation in priviledge.

The problem occurs in the digest binary. It is reported that it is possible to overflow a buffer in the program and overwrite a pointer to the stack, which in turn can result in an overflow in a library referenced by the binary. The secondary overflow in the library makes it possible to overwrite other stack variables, including the return address.

A malicious user could use this vulnerability to gain an elevation in priviledges, and potentially UID 0.


 

Privacy Statement
Copyright 2010, SecurityFocus