Vigil@nce: AIX, buffer overflow of syscall
July 2009 by Vigil@nce
A local attacker can generate two buffer overflows in system calls
under AIX, in order to elevate his privileges.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 09/07/2009
IMPACTED PRODUCTS
– IBM AIX
DESCRIPTION OF THE VULNERABILITY
System calls are the interface between users and the kernel:
open(), close(), read(), etc.
A local attacker can generate two buffer overflows in system calls
under AIX, in order to elevate his privileges.
Technical details are unknown.
CHARACTERISTICS
Identifiers: BID-35615, CVE-2009-2434, IZ54713, IZ54714,
VIGILANCE-VUL-8850
http://vigilance.fr/vulnerability/AIX-buffer-overflow-of-syscall-8850