CERT Advisory - Buffer Overflow in System V Derived Login

by Nikola Strahija on December 13th, 2001

Several applications use login for authentication to the system. A remotely exploitable buffer overflow exists in login derived from System V. Attackers can exploit this vulnerability to gain root access to the server.


Vulnerable:
IBM AIX versions 4.3 and 5.1
Hewlett-Packard's HP-UX
SCO OpenServer 5.0.6 and earlier
SGI IRIX 3.x
Sun Solaris 8 and earlier

Description:
On most systems, login is not suid; therefore, it runs as the user who called it. If, however, login is called by an application that runs with greater privileges than those of the user, such as telnetd or rlogind, then the user can exploit this vulnerability to gain the privileges of that program. In the case of telnetd or rlogind, root access is gained.

If a program that invokes login is suid (or sgid) USER_A, then this can be exploited to gain the privileges of USER_A.
* An exploit exists and may be circulating.
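
Because the remote exposure described above comes from telnetd and rlogind invoking login as root, a first check on an affected host is whether inetd still starts either daemon. The script below is an added example, not part of the CERT advisory or any vendor fix; it assumes the classic inetd.conf column layout, and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list enabled inetd entries that start telnetd or rlogind,
# the two login-invoking daemons named in the advisory text.
# Assumed column layout: service socket proto wait user server-path args...

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp  nowait root /usr/sbin/in.ftpd    in.ftpd
telnet  stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
#login  stream tcp  nowait root /usr/sbin/in.rlogind in.rlogind
EOF
}

# Print one line per enabled telnetd/rlogind entry in the file given as $1.
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }      # skip comments and short lines
        {
            n = split($6, parts, "/")
            prog = parts[n]                # basename of the server program
            if (prog ~ /(telnetd|rlogind)$/)
                printf "%s user=%s server=%s\n", $1, $5, $6
        }
    ' "$1"
}

# Count the flagged entries that run as root (the case that yields root access).
count_root_exposed() {
    audit_inetd "$1" | awk '$2 == "user=root" { c++ } END { print c + 0 }'
}

# Stand-alone run against the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
echo "Enabled login-invoking services:"
audit_inetd "$conf"
echo "Running as root: $(count_root_exposed "$conf")"
rm -f "$conf"
```

On a real system, pass the host's own inetd configuration file to audit_inetd instead of the sample.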

Solution:
IBM's AIX operating system, versions 4.3 and 5.1, are susceptible to this vulnerability. We have prepared an emergency fix ("efix"), "tsmlogin_efix.tar.Z", and it is available for downloading from:
ftp://aix.software.ibm.com/aix/efixes/security

Sun has developed a fix and T-patches are being tested. Official patches will be released shortly and Sun will issue a Sun Security Bulletin when they are available.


This was a part of CERT Advisory CA-2001-34.

