{"vuid":"VU#17566","idnumber":"17566","name":"sysback makes call to hostname without a fully qualified path specification","keywords":["IBM","sysback"],"overview":"sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname.","clean_desc":"sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders can put a malicious hostname in the path before the \"real\" hostname, and thereby execute any commands with root privileges.","impact":"Local users can execute arbitrary commands and programs with root privileges.","resolution":"Update to sysback.rte 4.2.1.13 as described in the IBM vendor statement.","workarounds":"Remove setuid root from sysback in environments that permit it (where such a change would not be detrimental to operations).","sysaffected":"","thanks":"Our thanks to Kiki Lee for reporting this vulnerability.","author":"This document was written by Shawn V Hernan.","public":[],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"1999-02-01T21:36:32Z","publicdate":"2000-12-10T00:00:00Z","datefirstpublished":"2000-12-12T23:03:29Z","dateupdated":"2000-12-12T23:11:32Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"9","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"1.35","cam_scorecurrentwidelyknown":"14.175","cam_scorecurrentwidelyknownexploited":"27.675","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.35,"vulnote":null}