CVE-2006-1246

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2006-1246 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://www.nsfocus.com/english/homepage/research/0602.htm

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2006-1246

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* IBM AIX 5.3

CVE Information:
CVE-2006-1246

The mklvcopy shipped with IBM AIX 5.3 is used to increase the number of copies in each logical partition in LogicalVolume. By default mklvcopy is set with suid root bit, and can be run by system group users.

mklvcopy contains a vulnerability when calling external commands, which allows a local attacker to execute arbitrary command as root. Successful exploitation requires the attacker should gain system group privilege first.

Workaround:
Remove suid root bit from mklvocpy.
# chmod a-s /usr/sbin/mklvcopy

The vendor has released Patch APAR IY82739 to fix the vulnerability. The related
link is: http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739

AIX 5 APAR Patch can be downloaded at: http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

The temporary patch for the vulnerability can be downloaded at: ftp://aix.software.ibm.com/aix/efixes/security/mklvcopy_ifix.tar.Z

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus