Vigil@nce - AIX: privilege escalation via lsmcode
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use lsmcode of AIX, in order to escalate his
privileges.
– Impacted products: AIX.
– Severity: 2/4.
– Creation date: 18/10/2016.
DESCRIPTION OF THE VULNERABILITY
The lsmcode program, which is installed suid root, displays
various information about system (microcode and firmware of
adapters and devices).
However, an attacker can use lsmcode to obtain root privileges.
A local attacker can therefore use lsmcode of AIX, in order to
escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/AIX-privilege-escalation-via-lsmcode-20890