Privilege escalation under IBM AIX 5.3
As a result of a vulnerability in IBM's current server operating system AIX 5.3, non-privileged local users may be able to gain complete control over the system. As reported by security services provider FrSIRT, a buffer overflow in the rdist command in the bos.rte.libc packet could be exploited by an attacker to obtain local root privileges.
An IBM advisory appears to state that the problem, which seems to be related to a setUID bit, has already been fixed. No further information on the vulnerability or on patches is given in either the FrSIRT or IBM documents. As a precaution, AIX administrators should update the bos.rte.libc packet to the latest version.
See also:
- IBM AIX "bos.rte.libc" RDIST Command Handling Local Privilege Escalation Vulnerability, advisory from FrSIRT
- IY94301: Buffer Overflow Vulnerability in SetUID CMD RDIST, advisory from IBM
(trk)