Bugtraq mailing list archives
Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login
From: Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>
Date: 13 Dec 2001 12:04:03 +0100
CERT Advisory <cert-advisory () cert org> writes:
IBM IBM's AIX operating system, versions 4.3 and 5.1, are susceptible to this vulnerability.
Previous versions of AIX seem to be affected, too. At least AIX 4.2 comes with a login implementation which offers the same environment variable passing functionality found in AIX 4.3, and passing large numbers of arguments results in strange behavior. The tested login implementation seems to be contained in: Fileset Level State Description ---------------------------------------------------------------------------- bos.rte.security 4.2.1.0 C Base Security Function 4.2.1.1 C Base Security Function -- Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login CERT Advisory (Dec 12)
- Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login Florian Weimer (Dec 13)
- Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login Scott Howard (Dec 14)
- Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login Bill Clawson (Dec 15)
- <Possible follow-ups>
- Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login Derrick Scholl (Dec 14)