IBM AIX LANG Environment Variable Buffer Overflow Vulnerability

IBM AIX LANG Environment Variable Buffer Overflow Vulnerability

Versions of IBM AIX contain a vulnerability which can allow a local root compromise.

A buffer overflow has been found in the handling of the LANG environment variable. Privileged programs using the libi18n library can permit a local user to execute arbitrary code.

By inserting carefully-composed malicious input into the LANG environment variable, it is possible to overwrite stack variables, including the return address of the calling function.

This problem makes it possible for a local user to execute arbitrary code, gaining elevated privileges and potentially root access.