A vulnerability was found in IBM AIX 4.3/4.3.1/4.3.2/4.3.3 (Operating System). It has been declared as critical. Affected by this vulnerability is an unknown code of the file pioout. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

The issue has been introduced in 10/01/1997. The weakness was shared 01/09/2001 by Esa Etelavuori (FIRST) (Website). It is possible to read the advisory at marc.theaimsgroup.com. This vulnerability is known as CVE-2000-1123. The exploitation appears to be easy. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 1196 days. During that time the estimated underground price was around $25k-$100k.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (5617). The entries 16280, 16278, 16277 and 16276 are related to this item.

Productinfo

Type

• Operating System

Vendor

• IBM

Name

• AIX

Version

• 4.3
• 4.3.1
• 4.3.2
• 4.3.3

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion