{"vuid":"VU#808633","idnumber":"808633","name":"IBM AIX digest buffer overflow in filename argument to command","keywords":["IBM","AIX","digest","buffer overflow"],"overview":"There is a buffer overflow in the digest command that may allow a local attacker to gain root privileges.","clean_desc":"The digest command is intended to be run by the qdaemon to generate a binary version of the queue configuration daemon information stored in /etc/qconfig. The digest program has a buffer overflow in one of the filename arguments to the command. An exploit for this vulnerability is publicly available, and is reported to have been used by intruders to compromise systems.","impact":"An attacker with access to a local user account may be able to gain root privileges. The attacker must gain access to the printq group before being able to exploit this vulnerability.","resolution":"Apply a Patch IBM has released patches to correct this problem. For AIX version 4.2, system adminstrators should apply APAR#IY08287. For AIX version 4.3, system administrators should apply APAR#IY08143. The patches for this problem also correct a vulnerability in the enq command.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Cory F. Cohen.","public":["http://www.securityfocus.com/bid/2033","http://xforce.iss.net/static/5620.php","http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_US/a_doc_lib/cmds/aixcmds2/digest.htm#A26P05a6","http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA139925+STIY08143+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08143","http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA137627+STIY08287+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08287"],"cveids":["CVE-2000-1120"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-09-27T19:29:40Z","publicdate":"2000-12-01T00:00:00Z","datefirstpublished":"2001-09-28T16:08:39Z","dateupdated":"2001-09-28T16:08:41Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"17","cam_easeofexploitation":"10","cam_attackeraccessrequired":"8","cam_scorecurrent":"5.355","cam_scorecurrentwidelyknown":"5.865","cam_scorecurrentwidelyknownexploited":"10.965","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.355,"vulnote":null}