• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AIX 'lsfs' Local Privilege Escalation Vulnerability

The lsfs utility, for IBM's AIX operating system, contains a vulnerability which could allow a malicious user to execute commands with elevated privileges. The problem occurs due to the implicit location defined when executing other system utlities.

By modifying shell environment it may be possible for the attacker to trick lsfs into running the attacker-supplied binary. As lsfs is installed setuid 'root', all commands executed using the described method would be done so with superuser privileges.