iDEFENSE Security Advisory 2009-04-15.1...

Published: 2009-04-15
Revised: 2025-04-13

iDefense Security Advisory 04.15.09 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to gain root privileges. The set-uid root binary "muxatmd" concatenates the calling program name with the static string ".pid". The destination buffer passed to the function call used for concatenation is a static-sized stack buffer. Since no bounds checking is performed, a stack-based buffer overflow can occur when a long program name is given. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3 (5300-09-02-0849). Other versions may also be affected.
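The advisory describes the bug class (program name + ".pid" copied into a fixed-size stack buffer with no length check) but not the code itself. The following is an added illustration of a bounded version of that operation, not IBM's code or code from the advisory; the buffer size `PIDFILE_MAX` and the function name `build_pidfile_name` are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the advisory does not state the real one. */
#define PIDFILE_MAX 64

/*
 * Pattern described in the advisory, shown only as a comment
 * (the exact calls used by muxatmd are not given on the page):
 *
 *     char buf[PIDFILE_MAX];
 *     strcpy(buf, progname);    // progname is caller-controlled
 *     strcat(buf, ".pid");      // no check against sizeof buf
 */

/*
 * Build "<progname>.pid" into out.
 * Returns 0 on success, -1 if the input is missing/empty or the
 * result (including the terminating NUL) would not fit in outlen bytes.
 * On failure out is left as an empty string, never a truncated name.
 */
int build_pidfile_name(const char *progname, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (progname == NULL || progname[0] == '\0')
        return -1;

    /* snprintf never writes more than outlen bytes and reports the
     * length it would have needed, so truncation is detectable. */
    int n = snprintf(out, outlen, "%s.pid", progname);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char pidfile[PIDFILE_MAX];
    /* argv[0] is set by the caller and may be absent or arbitrarily long. */
    const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : NULL;

    if (build_pidfile_name(prog, pidfile, sizeof pidfile) != 0) {
        fprintf(stderr, "refusing program name: missing or too long\n");
        return 1;
    }
    printf("%s\n", pidfile);
    return 0;
}
```

Rejecting an over-long name outright, rather than silently truncating it, keeps a set-uid program from operating on a file name the caller did not actually supply.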

Exploits/PoCs currently listed: 1
Affected product entries currently listed: 0