| PROBLEM: | IBM AIX contains the getconf command that provides information about system configuration. An unspecified buffer overflow condition has been identified in getconf. |
| PLATFORM: | AIX APARs - AIX 5.3 version 530 |
| DAMAGE: | May lead to arbitrary code execution by local users. |
| SOLUTION: | Apply available security updates. |
| VULNERABILITY ASSESSMENT: | The risk is MEDIUM. May lead to arbitrary code execution by local users. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/p-319.shtml |
| ORIGINAL BULLETIN: | IBM - IY73814 http://www-1.ibm.com/support/docview.wss?uid=isg1IY73814 |
| ADDITIONAL LINKS: | IBM - IY73850 http://www-1.ibm.com/support/docview.wss?uid=isg1IY73850 |
| | US-CERT Vulnerability Note VU#602300 http://www.kb.cert.org/vuls/id/602300 |
| | DSA-1018-1 http://www.debian.org/security/2006/dsa-1018 |
| CVE: | CVE-2005-3060 |
REVISION HISTORY:
03/24/06 - added a link to DSA-1018-1

[***** Start IBM IY73814 *****]

A fix is available
Obtain fix for this APAR

APAR status
Closed as program error.

Error description
Buffer overflow vulnerability.

Local fix

Problem summary
Buffer overflow vulnerability.

Problem conclusion
Appropriate changes are made to fix the problem.

Temporary fix

Comments

APAR information
APAR number: IY73814
Reported component name: AIX 5.3
Reported component ID: 5765G0300
Reported release: 530
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Submitted date: 2005-07-08
Closed date: 2005-07-08
Last modified date: 2005-09-06

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
IY73850

Fix information
Fixed component name: AIX 5.3
Fixed component ID: 5765G0300

Applicable component levels
R530 PSY U478134 UP05/09/06 I 1000

[***** End IBM IY73814 *****]

Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/