Description
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
Products
- IBM AIX
- IBM AIX 64-bit
- IBM AIX 32-bit
- IBM AIX 1.2.1
- IBM AIX 1.3
- IBM AIX 2.2.1
- IBM AIX 3.1
- IBM AIX 3.2.0
- IBM AIX 3.2.4
- IBM AIX 3.2.5
- IBM AIX 3.2
- IBM AIX 4.0
- IBM AIX 4.1.1
- IBM AIX 4.1.2
- IBM AIX 4.1.3
- IBM AIX 4.1.4
- IBM AIX 4.1.5
- IBM AIX 4.1
- IBM AIX 4.2.0
- IBM AIX 4.2.1.12
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2000-1222, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-1222 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References