This Metasploit module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code execution.
aff1d1ff1b53822a5be662ef7f7cb50a2f60bbc8bab207ec0fc7df83f3270216AIX RPC.cmsd remote stack buffer overflow proof of concept exploit.
7c8e41a206c1c2240e87d6853f2c71873a26177a618a781f20802d31ab305649Secunia Security Advisory - IBM has issued an update for OpenSSL included in AIX. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
d6bfba994190b93c57bdfda8610ac542294491d9c9714644d3d2e87db9cf173bSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
eeed30cdab325f7806d6df7a8818a3fedaae429638cc9d2e563515f293cd19c5Secunia Security Advisory - Some vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users to potentially gain escalated privileges.
8db02685a67f34ea6a32d0014a4825c82a1b7a7fb6ec2819db48a021b60820adSecunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to manipulate certain data.
5a922b94dbe98d37457631f6725af4bad4cf4adeced79dacd195097b5448a6cfSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
759eab4c68e1b60825f761eb8bec609092a5214c9520c7496ad7fe2d75941c75Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to compromise a vulnerable system.
2c4bd55768803194b9fa4f93a7456d5d9371ada1cdcf45b4edbae0a236762cb7Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
7862dc37f2675d0199cae206497f8492447dee438f0cb1edeed99b0fba6647e0iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.
e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7Secunia Security Advisory - Two vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users and malicious people to bypass certain security restrictions.
5dc21330a603fde4bd9958361ae0847d1354279063a5c21ff95c128207b67f31IBM AIX versions 5.6 and 6.1 _LIB_INIT_DBG arbitrary file overwrite via libc debug.
7f054254bca5207953d6b438ec277152539965bd3ee3d193b3a690ceeb72fe4fSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5a61ef918e33b06357aa00830181bdcdc4638f77853158d3103bc6c24d7c34feiDefense Security Advisory 08.04.09 - Local exploitation of an arbitrary file creation vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) Operating System allows attackers to execute arbitrary code with super-user privileges. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.
c2f93a0a5ddb535bfba9a73e58921b94de4aee8dfa76f6dbea11cf4494f746d2Secunia Security Advisory - IBM has acknowledged a vulnerability in named in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
f8b313831719026aee3379a3075eedce34c9296650e609b5b1e9c7a6627bf458IBM AIX 5.3 suffers from a libc MALLOCDEBUG file overwrite vulnerability.
2761cceaa0576ccf620fefafe7348954090fc718e5c696423bbad975bb7495d1Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious local users to gain escalated privileges.
4de0a07fca25c6acf23f6fea8d12303fd13d6e86c986b247aa097c5c986ad590Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
6396eb5f7f6cfaac1d8b3df0b2b8c0e9e3a83d9051e53cc4dbb90b0f7df26e86Secunia Security Advisory - A vulnerability with an unknown impact has been reported in IBM AIX.
dafcb747bb4509af593288e6ba45537bf0450e3435d5db33fb20884c0a11e184Secunia Security Advisory - Some vulnerabilities have been reported in IBM AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
fe4268b6724fc8d1faf0c48941610d824c8cf37bf63bb725cb1df98c42068b95ToolTalk suffers from a rpc.ttdbserverd _tt_internal_realpath related buffer overflow vulnerability. IBM AIX versions 5.1.0 through 6.1.3 appear affected.
444f71cdcf6793937036925f0f55f4904dc7eb7fd8ff621556e979d2148ce216Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to compromise a vulnerable system.
fba665e40eba98953e7994424bb9ae518492f2bd25b02a2f2c8029f3b5304606iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.
5eb925589dbd4a9070539b783c3c683162ba40bd5d486b533a392ac2f3129ecdSecunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to gain escalated privileges.
3b4b33c2bec4c350c6b321ffeee48b4bd42e5c7c710ebf9da781cef3779c6a40Secunia Security Advisory - IBM has issued an update for OpenSSL included in AIX. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
64cd579519b69b8689809c2c296c6b2357f5f247f6a260caf0fba5a9738be0c3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed