Vigil@nce: AIX, buffer overflow of pppdial

March 2009 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can execute code via a buffer overflow in pppdial.

Gravity: 2/4

Consequences: administrator access/rights

Provenance: intranet server

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 23/02/2009

IMPACTED PRODUCTS

 IBM AIX

DESCRIPTION OF THE VULNERABILITY

The pppdial command connects to a remote server, in order to
establish a PPP (Point to Point Protocol) session.

When pppdial handles a string longer than 4000 characters, a
buffer overflow occurs. Technical details are unknown.

If this overflow occurs in parameters of the pppdial command line,
this vulnerability can be used by a local attacker to elevate his
privileges. If this overflow occurs in data received from the
remote server, this vulnerability can be used by a remote attacker
to execute code on the computer.

CHARACTERISTICS

Identifiers: BID-33852, IZ44199, IZ44220, IZ44332, IZ44388,
VIGILANCE-VUL-8485

http://vigilance.fr/vulnerability/AIX-buffer-overflow-of-pppdial-8485

