CVE-2001-1079 in AIXinfo

Summary

by MITRE

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.


Analysis

by VulDB Data Team • 09/04/2019

The vulnerability identified as CVE-2001-1079 resides within the PSSP 3.2 authentication framework running on AIX operating systems with DCE 3.1 integration. This flaw specifically manifests in the create_keyfiles function which is responsible for generating cryptographic keyfile directories during the authentication process. The issue stems from improper permission settings where the system creates directory structures with world-writable permissions, granting any local user the ability to modify or delete critical cryptographic materials. This represents a fundamental failure in privilege management and access control implementation that directly undermines the security posture of the authentication system.

The technical exploitation of this vulnerability occurs through local user access to the system where attackers can leverage the world-writable permissions to remove or modify key files that are essential for the DCE authentication mechanism. When these key files are deleted or corrupted, the authentication system becomes unable to properly verify user credentials, resulting in a denial of service condition that prevents legitimate users from accessing protected resources. The vulnerability directly maps to CWE-732, which describes improper permission assignment where permissions are set incorrectly, allowing unauthorized modification of security-critical resources. This flaw demonstrates poor security implementation practices that violate fundamental principles of least privilege and proper access control enforcement.

The operational impact of this vulnerability extends beyond simple service disruption to encompass potential compromise of the entire authentication infrastructure. Local attackers can systematically target keyfile directories to cause cascading failures in authentication services, potentially affecting multiple user sessions and system access controls. The denial of service condition can persist until system administrators manually correct the permission settings or restart the authentication services, creating operational downtime and requiring immediate remediation efforts. This vulnerability particularly affects environments where DCE authentication is critical for system access and where local privilege escalation is a concern.

Mitigation strategies for CVE-2001-1079 should focus on immediate permission correction and long-term system hardening measures. System administrators must manually verify and correct directory permissions to ensure that keyfile directories are not world-writable, typically requiring restrictive permissions such as 700 or 750 to prevent unauthorized modification. The system should be updated to a patched version of PSSP that properly implements secure permission settings during keyfile creation. Additionally, regular security audits should verify that no other components of the system create world-writable directories, as this represents a broader class of security misconfigurations that align with ATT&CK technique T1078 for valid accounts and privilege escalation. Monitoring and alerting should be implemented to detect unauthorized modifications to cryptographic key directories, ensuring early detection of potential exploitation attempts.
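The permission audit and correction described above, as an added POSIX shell example (not code from VulDB, MITRE or PSSP). It assumes /var/dce as the keyfile base directory and 750 as the default target mode; both are placeholders to adjust for where create_keyfiles writes on your nodes. Directories with the sticky bit are deliberately not reported, since there only a file's owner can delete it.

```shell
#!/bin/sh
# Audit helper for CVE-2001-1079-style misconfigurations: directories that
# any local user can write to, and therefore delete key files from.
# Added example, not part of the original VulDB entry or of PSSP.
# /var/dce and 750 are assumed values; adjust them to where create_keyfiles
# places keyfile directories on your PSSP nodes.
set -u

# Print every directory under $1 that is world-writable (o+w) and lacks the
# sticky bit. With the sticky bit set only a file's owner may delete it, so
# directories such as /tmp are intentionally not reported.
audit_world_writable() {
    base=$1
    find "$base" -type d -perm -002 ! -perm -1000 -print 2>/dev/null
}

# Restrict one directory to the owner (700) or owner and group (750), the
# modes the mitigation guidance recommends. Refuses any mode that keeps o+w.
harden_keydir() {
    dir=$1
    mode=${2:-750}
    case "$mode" in
        700|750) ;;
        *) echo "harden_keydir: refusing mode $mode (use 700 or 750)" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "harden_keydir: $dir is not a directory" >&2; return 1; }
    chmod "$mode" "$dir"
}

# Correct every offender found by the audit in one pass and report each change.
harden_all() {
    base=$1
    mode=${2:-750}
    audit_world_writable "$base" | while IFS= read -r d; do
        harden_keydir "$d" "$mode" && echo "hardened: $d -> $mode"
    done
}

# Usage: ./keydir_audit.sh audit [BASE]   or   ./keydir_audit.sh harden [BASE] [MODE]
case "${1:-}" in
    audit)  audit_world_writable "${2:-/var/dce}" ;;
    harden) harden_all "${2:-/var/dce}" "${3:-750}" ;;
esac
```

Run the audit first and review the list before hardening, since a legitimately shared directory may need a group-writable mode rather than 700.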
