AIX pioout Buffer Overflow Vulnerability

AIX is a variant of the UNIX Operating System, distributed by IBM. A problem exists which could allow elevation of priviledges for local users.

The problem exists in the pioout program. Parsing of the environment variable PIODEVNAME when stored in heap memory causes the program to die, due to insufficient handling by a strcpy() function. This makes it possible for a malicious user to generate a custom crafted environment variable that could allow for the overwriting of stack variables, and potentially execute arbitrary code.


Privacy Statement
Copyright 2010, SecurityFocus