IBM AIX libIM缓冲区溢出漏洞-一一网

漏洞信息详情

IBM AIX libIM缓冲区溢出漏洞

CNNVD编号：CNNVD-200303-007

危害等级：高危
CVE编号：
CVE-2003-0087
漏洞类型：

缓冲区溢出
发布时间：

2003-03-03
威胁类型：

本地
更新时间：

2005-05-13
厂商：

national_language_support
漏洞来源：
The discovery of t…

漏洞简介

AIX 4.3到5.2版本下的National Language Support (NLS)的libIM library (libIM.a)存在缓冲区溢出漏洞。本地攻击者可以借助可能的几个攻击向量，包括aixterm的超长-im参数获取权限。

漏洞公告

IBM has released an E-Fix containing fixes for IBM AIX 4.3.3, 5.1, and 5.2. It should be noted that releases prior to 4.3 are no longer supported by IBM and users are advised to upgrade their operating system when possible.
Information regarding the release dates of the respective APAR files can be found in the attached IBM advisory.
Fixes:
National Language Support libIM

IBM IY40307For AIX 4.3.3.

http://www-1.ibm.com/support/docview.wss?uid=isg1IY40307
IBM IY40317For AIX 5.1.0.

http://www-1.ibm.com/support/docview.wss?uid=isg1IY40317
IBM IY40320For AIX 5.2.0.

http://www-1.ibm.com/support/docview.wss?uid=isg1IY40320

参考网址

来源: www.idefense.com
链接:http://www.idefense.com/advisory/02.12.03.txt

来源: XF
名称: aix-aixterm-libim-bo(11309)
链接:http://xforce.iss.net/xforce/xfdb/11309

来源: BID
名称: 6840
链接:http://www.securityfocus.com/bid/6840

来源: OSVDB
名称: 7996
链接:http://www.osvdb.org/7996

来源: AIXAPAR
名称: IY40320
链接:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40320&apar=only

来源: AIXAPAR
名称: IY40317
链接:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40317&apar=only

来源: AIXAPAR
名称: IY40307
链接:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40307&apar=only

来源: BUGTRAQ
名称: 20030212 libIM.a buffer overflow vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104508833214691&w=2

来源: BUGTRAQ
名称: 20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104508375107938&w=2

来源: VULNWATCH
名称: 20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html