Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users to delete certain system files, cause a DoS (Denial of Service), or gain escalated privileges.
TITLE:
IBM AIX Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26715
VERIFY ADVISORY:
http://secunia.com/advisories/26715/
CRITICAL:
Less critical
IMPACT:
Privilege escalation, DoS, Manipulation of data
WHERE:
Local system
REVISION:
2.0 originally posted 2007-09-06
OPERATING SYSTEM:
AIX 5.x
http://secunia.com/product/213/
DESCRIPTION:
Multiple vulnerabilities have been reported in IBM AIX, which can be
exploited by malicious, local users to delete certain system files,
cause a DoS (Denial of Service), or gain escalated privileges.
1) Boundary errors within the fcstat, ibstat, mkpath, svprint, swcons,
uucp (UNIX-to-UNIX Copy), and xlplm commands can be exploited to cause
buffer overflows.
Successful exploitation allows execution of arbitrary code with root
privileges.
2) The perfstat system call in the perfstat kernel extension does not
check user privileges for SET operations, which can be exploited to
e.g. cause the system to hang.
3) An input validation error in the invscout command can be exploited
to e.g. delete certain system files.
SOLUTION:
Apply interim fixes or APARs as soon as they become available:
ftp://aix.software.ibm.com/aix/efixes/security/svprint_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/swcons_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/xlplm_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/invscout_ifix.tar.Z
AIX 5.2.0:
APAR IY94739
APAR IY91132
APAR IZ02717 (available approximately 10/31/2007)
APAR IY98819 (available approximately 10/31/2007)
APAR IY97215
APAR IZ00997 (available approximately 10/31/2007)
APAR IY98506 (available approximately 11/27/2007)
AIX 5.3.0:
APAR IY94761
APAR IY97233
APAR IY91145
APAR IY97309
APAR IZ02718 (available approximately 11/27/2007)
APAR IY98804 (available approximately 11/27/2007)
APAR IY95852
APAR IZ00997 (available approximately 11/27/2007)
APAR IY98506 (available approximately 11/27/2007)
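ADDED EXAMPLE (not part of the Secunia advisory or of IBM's tooling):
A shell helper that compares the APAR lists above with `instfix -ik` output and prints the APARs still outstanding for AIX 5.2 or 5.3. The function names are hypothetical, the sample report is constructed, and the `instfix` message wording and `oslevel` output format are assumptions about the host.

```shell
# APAR lists copied from the SOLUTION section of this advisory.
APARS_52="IY94739 IY91132 IZ02717 IY98819 IY97215 IZ00997 IY98506"
APARS_53="IY94761 IY97233 IY91145 IY97309 IZ02718 IY98804 IY95852 IZ00997 IY98506"

# apars_for LEVEL: print the advisory's APAR list for AIX 5.2 or 5.3.
apars_for() {
    case "$1" in
        5.2) echo "$APARS_52" ;;
        5.3) echo "$APARS_53" ;;
        *)   echo "no APAR list in this advisory for AIX $1" >&2; return 2 ;;
    esac
}

# missing_apars LEVEL: read `instfix -ik` output on stdin and print the APARs
# for LEVEL that are not reported as completely installed.
missing_apars() {
    wanted=$(apars_for "$1") || return 2
    report=$(cat)
    missing=""
    for apar in $wanted; do
        # Only "All filesets for <APAR> were found." counts as installed;
        # "Not all filesets ..." and "There was no data ..." both need action.
        if ! printf '%s\n' "$report" | grep -q "^ *All filesets for $apar were found"; then
            missing="$missing $apar"
        fi
    done
    echo $missing
}

# check_host: run on the AIX system itself (assumes oslevel prints e.g. 5.3.0.0).
check_host() {
    level=$(oslevel | cut -d. -f1,2)
    wanted=$(apars_for "$level") || return 2
    instfix -ik "$wanted" 2>&1 | missing_apars "$level"
}

# Constructed sample of `instfix -ik` output for an AIX 5.3 host.
sample_report() {
    cat <<'EOF'
    All filesets for IY94761 were found.
    All filesets for IY97233 were found.
    All filesets for IY91145 were found.
    All filesets for IY97309 were found.
    There was no data for IZ02718 in the fix database.
    There was no data for IY98804 in the fix database.
    All filesets for IY95852 were found.
    Not all filesets for IZ00997 were found.
    All filesets for IY98506 were found.
EOF
}
```

On a live system, `check_host` prints the outstanding APARs for the detected level; an empty line means every APAR listed for that level is fully installed.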
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
CHANGELOG:
2007-09-06: Updated advisory based on additional information from
IBM. Added vulnerability #3 and additional link.
ORIGINAL ADVISORY:
IBM:
ftp://aix.software.ibm.com/aix/efixes/security/README
http://www-1.ibm.com/support/docview.wss?uid=isg1IY94739
http://www-1.ibm.com/support/docview.wss?uid=isg1IY94761
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97233
http://www-1.ibm.com/support/docview.wss?uid=isg1IY91132
http://www-1.ibm.com/support/docview.wss?uid=isg1IY91145
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97309
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ02717
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ02718
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98819
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98804
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97215
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95852
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98506