Vigil@nce: AIX, vulnerabilities of sa_snap
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker, who is member of the system group, can use two
vulnerabilities of sa_snap, in order to obtain root privileges, or
to delete a file.
– Severity: 1/4
– Creation date: 14/09/2010
DESCRIPTION OF THE VULNERABILITY
The AIX StoreAge Light Agent /usr/esa/sbin/sa_snap tool collects
information about the system. It is installed suid root, and can
be executed by members of the system group. It is impacted by two
vulnerabilities.
An attacker can use a long parameter, in order to generate a
buffer overflow, leading to code execution with root privileges.
[severity:1/4]
On AIX 5.3, an attacker can use sa_snap, to delete a file with
root privileges. [severity:1/4]
A local attacker, who is member of the system group, can therefore
obtain root privileges, or delete a file.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/AIX-vulnerabilities-of-sa-snap-9923