Overview
There is a buffer overflow in the enq command that may allow a local attacker to gain root privileges.
Description
The enq command is used to add entries to a queue, usually for printing. There is a buffer overflow in the -M argument to the enq command. |
Impact
An attacker with access to a local user account may be able to gain root privileges. |
Solution
Apply a Patch IBM has released patches to correct this problem. For AIX version 4.2, system adminstrators should apply APAR#IY08287. For AIX version 4.3, system administrators should apply APAR#IY08143. The patches for this problem also correct a vulnerability in the digest command. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.securityfocus.com/bid/2034
- http://xforce.iss.net/static/5619.php
- http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_US/a_doc_lib/cmds/aixcmds2/enq.htm#A200977f
- http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA139925+STIY08143+USbin
- http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08143
- http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA137627+STIY08287+USbin
- http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08287
Acknowledgements
This document was written by Cory Cohen.
Other Information
| CVE IDs: | CVE-2000-1121 |
| Severity Metric: | 7.09 |
| Date Public: | 2000-12-01 |
| Date First Published: | 2001-09-28 |
| Date Last Updated: | 2001-09-28 16:02 UTC |
| Document Revision: | 5 |