{"vuid":"VU#739201","idnumber":"739201","name":"IBM AIX setclock buffer overflow in remote timeserver argument","keywords":["IBM","AIX","setclock","buffer overflow"],"overview":"There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges.","clean_desc":"The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname.","impact":"An attacker with access to a local user account may be able to gain root privileges.","resolution":"Apply a Patch. IBM has released patches to correct this problem. For AIX version 4.2, system administrators should apply APAR#IY07790. For AIX version 4.3, system administrators should apply APAR#IY07831.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Cory F. Cohen.","public":["http://www.securityfocus.com/bid/2035","http://xforce.iss.net/static/5618.php","http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA139817+STIY07831+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY07831","http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA137621+STIY07790+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY07790"],"cveids":["CVE-2000-1122"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-09-28T18:15:45Z","publicdate":"2000-12-01T00:00:00Z","datefirstpublished":"2001-09-28T18:41:14Z","dateupdated":"2001-09-28T18:41:15Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.0875","cam_scorecurrentwidelyknown":"7.7625","cam_scorecurrentwidelyknownexploited":"14.5125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.0875,"vulnote":null}