certfr_avis - certa-2004-avi-083

CERTA-2004-AVI-083

Vulnerability from certfr_avis

Une vulnérabilité dans le démon rexecd permettrait l'obtention des privilèges de l'utilisateur root à distance.

Description

Le démon rexecd permet l'exécution de commandes à distance. Il requiert une authentification.

Une vulnérabilité lors de l'authentification permet à un utilisateur distant mal intentionné d'obtenir les droits root dans certains cas.

Solution

Appliquer le correctif indiqué dans la note de sécurité IY53507 d'IBM (voir Documentation).

IBM AIX 4.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de sécurité IY53507 d'IBM

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM AIX 4.3.\u003c/P\u003e",
  "content": "## Description\n\nLe d\u00e9mon rexecd permet l\u0027ex\u00e9cution de commandes \u00e0 distance. Il requiert\nune authentification.\n\nUne vuln\u00e9rabilit\u00e9 lors de l\u0027authentification permet \u00e0 un utilisateur\ndistant mal intentionn\u00e9 d\u0027obtenir les droits root dans certains cas.\n\n## Solution\n\nAppliquer le correctif indiqu\u00e9 dans la note de s\u00e9curit\u00e9 IY53507 d\u0027IBM\n(voir Documentation).\n",
  "cves": [],
  "initial_release_date": "2004-03-12T00:00:00",
  "last_revision_date": "2004-03-12T00:00:00",
  "links": [],
  "reference": "CERTA-2004-AVI-083",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation de privil\u00e8ges \u00e0 distance (en particulier root)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le d\u00e9mon rexecd permettrait l\u0027obtention des\nprivil\u00e8ges de l\u0027utilisateur root \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de rexecd sous AIX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de s\u00e9curit\u00e9 IY53507 d\u0027IBM",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted