Vigil@nce: AIX, buffer overflow of muxatmd
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the /usr/sbin/muxatmd program in order to
obtain the root privilege.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 16/04/2009
IMPACTED PRODUCTS
– IBM AIX
DESCRIPTION OF THE VULNERABILITY
The /usr/sbin/muxatmd daemon is part of the ATM subsystem
(devices.common.IBM.atm.rte). This program is installed suid root.
The filename indicated as parameter of muxatmd is stored in a
fixed size array. A long filename thus generates a buffer overflow.
A local attacker can therefore use the /usr/sbin/muxatmd program
in order to obtain the root privilege.
CHARACTERISTICS
Identifiers: BID-34543, CVE-2009-1355, VIGILANCE-VUL-8644
http://vigilance.fr/vulnerability/AIX-buffer-overflow-of-muxatmd-8644