{"vuid":"VU#872443","idnumber":"872443","name":"IBM AIX nslookup buffer overflow in hostname to lookup","keywords":["IBM AIX","nslookup","buffer overflow","DNS"],"overview":"There is a buffer overflow in nslookup that will allow local attackers to gain root privileges on vulnerable AIX systems.","clean_desc":"The nslookup command contains a buffer overflow in the hostname to lookup, allowing local attackers to gain root privileges. The vendor (IBM) has reported publicly that this buffer overflow has been exploited by intruders to gain privileges.","impact":"Intruders with access to a local account may be able to gain root privileges on the vulnerable system.","resolution":"Apply a Patch IBM has released patches to correct this problem. For AIX version 4.3, system administrators should apply APAR#IY02120.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Cory F. Cohen.","public":["http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA170996+STIY02120+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY02120"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-27T18:35:42Z","publicdate":"1999-09-30T00:00:00Z","datefirstpublished":"2001-09-26T15:52:35Z","dateupdated":"2001-09-26T18:04:41Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"3","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"15.75","cam_scorecurrentwidelyknown":"15.75","cam_scorecurrentwidelyknownexploited":"25.3125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.75,"vulnote":null}