Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: AIX, file corruption via MALLOCDEBUG

May 2009 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

A local attacker can corrupt a file using the MALLOCDEBUG environment variable.

Severity: 2/4

Consequences: data creation/edition

Provenance: user shell

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 20/05/2009

IMPACTED PRODUCTS

- IBM AIX

DESCRIPTION OF THE VULNERABILITY

Developers can set MALLOCTYPE, MALLOCOPTIONS or MALLOCDEBUG environment variables, to debug memory allocations.

The MALLOCDEBUG indicates a log file: MALLOCDEBUG=output:/tmp/file

However, this file is created in an insecure manner, leading to a file corruption when a suid/sgid program is debugged.

A local attacker can therefore corrupt a file using the MALLOCDEBUG environment variable.

CHARACTERISTICS

Identifiers: BID-35034, VIGILANCE-VUL-8725

http://vigilance.fr/vulnerability/AIX-file-corruption-via-MALLOCDEBUG-8725




See previous articles

    

See next articles