Bugtraq mailing list archives

Re: CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login


From: Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>
Date: 13 Dec 2001 12:04:03 +0100

CERT Advisory <cert-advisory () cert org> writes:

> IBM
>
>    IBM's AIX operating system, versions 4.3 and 5.1, are susceptible to
>    this vulnerability.

Previous versions of AIX seem to be affected, too.  At least AIX 4.2
comes with a login implementation which offers the same environment
variable passing functionality found in AIX 4.3, and passing large
numbers of arguments results in strange behavior.  The tested login
implementation seems to be contained in:

  Fileset                      Level  State  Description 
  ---------------------------------------------------------------------------- 
  bos.rte.security           4.2.1.0    C    Base Security Function 
                             4.2.1.1    C    Base Security Function 

-- 
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

