Vigil@nce: AIX, buffer overflow of pppdial
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A attacker can execute code with a buffer overflow of pppdial.
Gravity: 2/4
Consequences: administrator access/rights
Provenance: intranet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 23/02/2009
IMPACTED PRODUCTS
– IBM AIX
DESCRIPTION OF THE VULNERABILITY
The pppdial command connects to a remote server, in order to
establish a PPP (Point to Point Protocol) session.
When pppdial handles a string longer than 4000 characters, a
buffer overflow occurs. Technical details are unknown.
If this overflow occurs in parameters of the pppdial command line,
this vulnerability can be used by a local attacker to elevate his
privileges. If this overflow occurs in data received from the
remote server, this vulnerability can be used by a remote attacker
to execute code on the computer.
CHARACTERISTICS
Identifiers: BID-33852, IZ44199, IZ44220, IZ44332, IZ44388,
VIGILANCE-VUL-8485
http://vigilance.fr/vulnerability/AIX-buffer-overflow-of-pppdial-8485