iDefense Security Advisory 01.23.08 - Local exploitation of a buffer overflow vulnerability in the 'pioout' program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The vulnerability exists due to insufficient input validation when copying user-supplied data to a fixed-size buffer. By passing a long string as a command line option, an attacker can cause an exploitable buffer overflow. iDefense has confirmed the existence of this vulnerability in versions 5.2 and 5.3 of AIX with all patches applied as of November 29th, 2007. Previous versions are suspected to be affected.
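The flaw class described above, as an added C example that is not part of the advisory and is not pioout's code: an unchecked copy of a command-line argument into a fixed-size buffer, beside a length-checked copy that rejects over-long input. The buffer size `OPT_MAX`, the `-o` option and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define OPT_MAX 256  /* hypothetical buffer size; the advisory gives none */

/* Unsafe pattern the advisory describes: no length check before the copy. */
void copy_option_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);            /* writes past dst when src is too long */
}

/* Hardened form: validate the length first and refuse over-long input
 * instead of silently truncating it. Returns 0 on success, -1 on reject. */
int copy_option_checked(char *dst, size_t dstsize, const char *src)
{
    const char *nul;
    size_t n;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    nul = memchr(src, '\0', dstsize);  /* scans at most dstsize bytes */
    if (nul == NULL) {                 /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    n = (size_t)(nul - src);
    memcpy(dst, src, n + 1);           /* n + 1 <= dstsize, includes the NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char value[OPT_MAX];

    /* "-o value" is a made-up option used only for this illustration. */
    if (argc != 3 || strcmp(argv[1], "-o") != 0 ||
        copy_option_checked(value, sizeof value, argv[2]) != 0) {
        fprintf(stderr, "usage: %s -o value (at most %d bytes)\n",
                argc > 0 ? argv[0] : "prog", OPT_MAX - 1);
        return 2;
    }
    printf("option value accepted: %s\n", value);
    return 0;
}
```

Rejecting the argument outright, rather than truncating it, keeps a privileged program from acting on a value the caller did not actually supply.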
0c544c96e82318461295adc559d908532902371421d53ecc023219ebd696ae0b