AIX: privilege elevation via Sendmail
Synthesis of the vulnerability
A local attacker can create a ".forward" file, in order to obtain root privileges.
Impacted products:
BID-54206, CERTA-2012-AVI-353, CVE-2012-2200, IV22963, IV22964, IV22965, IV22966, VIGILANCE-VUL-11730.
Description of the vulnerability
Users can create a ~/.forward file containing an email address to which received emails are redirected.
The ~/.forward file can also contain a shell command (|command) to be executed when an email is received.
However, the AIX Sendmail is configured to execute this command as the root user.
A local attacker can therefore create a ".forward" file, and then send himself an email, in order to obtain root privileges.
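
The check below is an added example, not part of the bulletin: it lists every program delivery (an entry beginning with |) found in a home directory's .forward file, which is the entry type that runs as root on an affected system. The function names and the sample data are constructed for illustration; entries are split the way sendmail reads them (newlines, or commas outside double quotes).

```python
import os
import tempfile

def split_entries(text):
    """Split .forward text on newlines and on commas outside double quotes."""
    entries, buf, quoted = [], [], False
    for ch in text + "\n":
        if ch == "\n" or (ch == "," and not quoted):
            entries.append("".join(buf).strip())
            buf, quoted = [], False
        else:
            if ch == '"':
                quoted = not quoted
            buf.append(ch)
    return [e for e in entries if e]

def classify_entry(entry):
    """Return 'program', 'include', 'file' or 'address' for one entry."""
    e = entry.strip()
    if len(e) >= 2 and e[0] == '"' and e[-1] == '"':
        e = e[1:-1].strip()          # "|cmd args" may be quoted as a whole
    if e.startswith("|"):
        return "program"             # mail is piped to a command
    if e.startswith(":include:"):
        return "include"             # further entries read from another file
    if e.startswith("/"):
        return "file"                # mail is appended to a file
    return "address"                 # user, user@host or \user

def audit_forward(home):
    """List (path, entry) for every program delivery in home/.forward."""
    path = os.path.join(home, ".forward")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []                    # no .forward, or not readable
    return [(path, e) for e in split_entries(text)
            if classify_entry(e) == "program"]

if __name__ == "__main__":
    # Constructed sample home; on a real host, iterate over the passwd homes.
    with tempfile.TemporaryDirectory() as home:
        with open(os.path.join(home, ".forward"), "w") as fh:
            fh.write('\\bob, "|/usr/local/bin/filter -a, -b"\n')
        for path, entry in audit_forward(home):
            print(f"{path}: program delivery {entry}")
```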