{"vuid":"VU#433499","idnumber":"433499","name":"IBM AIX portmir vulnerable to buffer overflow via echo_error","keywords":["IBM AIX","portmir","buffer overflow","echo_error","/etc/locks"],"overview":"There is a buffer overflow in the IBM AIX portmir command that may allow local users to gain root privileges.","clean_desc":"There is a buffer overflow in the echo_error routine of the IBM AIX portmir command. An attacker may be able to corrupt lock files in the \"/etc/locks\" directory.","impact":"While full impact of this vulnerability is not known for sure, it appears that attackers with access to a local account may be able to gain root privileges.","resolution":"Apply a Patch IBM has released patches to correct this problem. For AIX version 4.3.0, system administrators should apply APAR#IY07832.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Cory F. Cohen.","public":["http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA122750+STIY07832+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY07832"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-27T18:52:57Z","publicdate":"2000-01-27T00:00:00Z","datefirstpublished":"2001-09-26T20:22:11Z","dateupdated":"2001-09-26T20:22:13Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"0","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}