Vigil@nce - AIX: privilege escalation via lquerylv
January 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use lquerylv of AIX, in order to escalate his
privileges.
Impacted products: AIX.
Severity: 2/4.
Creation date: 09/11/2016.
DESCRIPTION OF THE VULNERABILITY
The AIX system supports the LVM (Logical Volume Manager) file
system.
The lquerylv command queries the logical volume. However, it can
be used to gain root privileges.
An attacker can therefore use lquerylv of AIX, in order to
escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/AIX-privilege-escalation-via-lquerylv-21082