{"vuid":"VU#886953","idnumber":"886953","name":"IBM AIX setsenv buffer overflow","keywords":["IBM","AIX","setsenv","buffer overflow"],"overview":"There is a buffer overflow in the IBM AIX setsenv command that may allow local attackers to gain root privileges.","clean_desc":"The setsenv command is used to set protected state environment variables. There is a buffer overflow in a variable value parameter to the setsenv command on IBM AIX systems. An exploit for this vulnerability is publicly available, and is reported to have been used to compromise systems.","impact":"An attacker with access to a local user account can execute arbitrary code on the vulnerable system as root.","resolution":"Apply a Patch: IBM has released patches to correct this problem. For AIX version 4.2, system administrators should apply APAR#IY10721. For AIX version 4.3, system administrators should apply APAR#IY08812.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Cory F. Cohen.","public":["http://www.securityfocus.com/bid/2032","http://xforce.iss.net/static/5621.php","http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA114623+STIY10721+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY10721","http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA123587+STIY08812+USbin","http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08812","http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds5/setsenv.htm#WPg2f0frit"],"cveids":["CVE-2000-1119"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-09-27T19:28:25Z","publicdate":"2000-12-01T00:00:00Z","datefirstpublished":"2001-09-28T15:01:33Z","dateupdated":"2001-09-28T15:37:17Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":
"4","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"15.1875","cam_scorecurrentwidelyknown":"15.1875","cam_scorecurrentwidelyknownexploited":"24.1875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.1875,"vulnote":null}