CERT Coordination Center

IBM AIX setclock buffer overflow in remote timeserver argument

Vulnerability Note VU#739201

Original Release Date: 2001-09-28 | Last Revised: 2001-09-28

Overview

There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges.

Description

The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname.

Impact

An attacker with access to a local user account may be able to gain root privileges.

Solution

Apply a Patch

IBM has released patches to correct this problem. For AIX version 4.2, system administrators should apply APAR#IY07790. For AIX version 4.3, system administrators should apply APAR#IY07831.

Acknowledgements

This document was written by Cory F. Cohen.

Other Information

CVE IDs: CVE-2000-1122
Severity Metric: 7.09
Date Public: 2000-12-01
Date First Published: 2001-09-28
Date Last Updated: 2001-09-28 18:41 UTC
Document Revision: 5

Sponsored by CISA.