VULHUB ™

Versions of IBM AIX contain a vulnerability which can allow a local root compromise. A buffer overflow has been found in the handling of the LANG environment variable. Privileged programs using the libi18n library can permit a local user to execute arbitrary code. By inserting carefully-composed malicious input into the LANG environment variable, it is possible to overwrite stack variables, including the return address of the calling function. This problem makes it possible for a local user to execute arbitrary code, gaining elevated privileges and potentially root access.

Versions of IBM AIX contain a vulnerability which can allow a local root compromise. A buffer overflow has been found in the handling of the LANG environment variable. Privileged programs using the libi18n library can permit a local user to execute arbitrary code. By inserting carefully-composed malicious input into the LANG environment variable, it is possible to overwrite stack variables, including the return address of the calling function. This problem makes it possible for a local user to execute arbitrary code, gaining elevated privileges and potentially root access.