Vigil@nce - AIX: denial of service via fuser
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the fuser command, in order to kill the
process of another user.
Impacted products: AIX
Severity: 1/4
Creation date: 01/10/2012
DESCRIPTION OF THE VULNERABILITY
The fuser command indicates processes which use a file. For
example, to know processes using the file /etc/hosts:
fuser /etc/hosts
The "-k" option indicates to kill the found processes by sending
them the SIGKILL signal. For example:
fuser -k /etc/hosts
However, as /usr/sbin/fuser is installed suid root, the SIGKILL
signal is sent with high privileges.
A local attacker can therefore use the fuser command, in order to
kill the process of another user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/AIX-denial-of-service-via-fuser-11990