AIX Holes and Exploits

bsh
AIX 3.2 and earlier.
If network printing is enabled, the bsh queue will permit users on remote systems to execute commands at an elevated privilege.

crontab(1)
AIX 3.2
The distributed version of /usr/bin/crontab contains a security vulnerability.

dpsexec
AIX V.?
The DPS server can be entered by /usr/lpp/DPS/bin/dpsexec. Since X runs as root you can open and write to any root-owned file.

gethostbyname()
AIX(r) 3.2.x 4.1.x 4.2.x
Under certain conditions the "gethostbyname()" library function can encounter a buffer overrun that allows information on the program stack to be corrupted.

IP Fragmenting
AIX 3.2.55 4.1.x 4.2.x
none
Sending very large ICMP echo requests can cause the system to crash.

/usr/sbin/lquerypv
AIX
Users can read normally unreadable files using the following command:

passwd(1)
AIX 3.2 and the 2007 update of AIX 3.1
The passwd command contains a security vulnerability. Local users can gain unauthorized root access.

rlogin
AIX V.?
An incompatibility between rlogin and login allows anyone to log in as root without a password.

rmail
AIX 3.2
IFS hole in rmail gives egid=mail

/usr/sbin/route
AIX 4.1
The permissions on /usr/sbin/route are 4555. This means that anyone with

shadow
AIX 2.2.1
Shadow password file is writeable by default

tprof
AIX Version ?
tprof -x /bin/sh on AIX gives a root shell.

ucp(1)
UUCP software in versions of AIX up to 2007.
Local users can execute unauthorized commands and gain unauthorized root access.