Vulnerabilities > CVE-2007-4003 - Unspecified vulnerability in IBM AIX 5.3
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
Nessus
NASL family AIX Local Security Checks NASL id AIX_U814071.NASL description The remote host is missing AIX PTF U814071, which is related to the security of the package printers.rte. last seen 2020-06-01 modified 2020-06-02 plugin id 29167 published 2007-12-03 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29167 title AIX 5.2 TL 10 : printers.rte (U814071) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were extracted # from AIX Security PTF U814071. The text itself is copyright (C) # International Business Machines Corp. # include("compat.inc"); if (description) { script_id(29167); script_version ("1.5"); script_cvs_date("Date: 2019/09/16 14:12:49"); script_cve_id("CVE-2007-4003"); script_name(english:"AIX 5.2 TL 10 : printers.rte (U814071)"); script_summary(english:"Check for PTF U814071"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote host is missing AIX PTF U814071, which is related to the security of the package printers.rte." ); script_set_attribute( attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ01121" ); script_set_attribute( attribute:"solution", value:"Install the appropriate missing security-related fix." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/06"); script_set_attribute(attribute:"patch_publication_date", value:"2007/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( aix_check_patch(ml:"520010", patch:"U814071", package:"printers.rte.5.2.0.106") < 0 ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_U812659.NASL description The remote host is missing AIX PTF U812659, which is related to the security of the package printers.rte. last seen 2020-06-01 modified 2020-06-02 plugin id 65334 published 2013-03-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65334 title AIX 5.3 TL 6 : printers.rte (U812659) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were extracted # from AIX Security PTF U812659. The text itself is copyright (C) # International Business Machines Corp. # include("compat.inc"); if (description) { script_id(65334); script_version("1.2"); script_cvs_date("Date: 2019/09/16 14:12:48"); script_cve_id("CVE-2007-4003"); script_name(english:"AIX 5.3 TL 6 : printers.rte (U812659)"); script_summary(english:"Check for PTF U812659"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote host is missing AIX PTF U812659, which is related to the security of the package printers.rte." ); script_set_attribute( attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ01122" ); script_set_attribute( attribute:"solution", value:"Install the appropriate missing security-related fix." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/06"); script_set_attribute(attribute:"patch_publication_date", value:"2007/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( aix_check_patch(ml:"530006", patch:"U812659", package:"printers.rte.5.3.0.61") < 0 ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 25084 CVE(CAN) ID: CVE-2007-4003 IBM AIX是一款商业性质的UNIX操作系统。 AIX操作系统所随捆绑的pioout程序处理命令行参数时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 pioout程序没有丢弃权限便加载了攻击者所提供的任意共享库,如果使用了-R命令行参数攻击者就可以指定用于解析打印机数据的共享库。pioout程序拥有root setuid,任何本地用户都可以执行,因此本地攻击者可以通过创建一个执行shell的共享库导致以root用户权限执行任意命令。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法: * 删除该二进制程序的setuid位。 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="ftp://aix.software.ibm.com/aix/efixes/security/pioout_ifix.tar.Z" target="_blank">ftp://aix.software.ibm.com/aix/efixes/security/pioout_ifix.tar.Z</a> |
| id | SSV:2044 |
| last seen | 2017-11-19 |
| modified | 2007-07-28 |
| published | 2007-07-28 |
| reporter | Root |
| title | IBM AIX Pioout任意库加载命令执行漏洞 |
References
- ftp://aix.software.ibm.com/aix/efixes/security/README
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=569
- http://secunia.com/advisories/26219
- http://www.securityfocus.com/bid/25084
- http://www.securitytracker.com/id?1018466
- http://www.vupen.com/english/advisories/2007/2677
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01121
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35628