The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of AIX: vulnerability of setlocale

Synthesis of the vulnerability 

A local attacker can elevate his privileges via a suid/sgid program using setlocale().
Impacted software: AIX.
Severity of this computer vulnerability: 2/4.
Creation date: 18/08/2006.
Revision date: 07/11/2007.
Références of this announce: BID-19578, CVE-2006-4254, IY88183, IY88512, IY88528, VIGILANCE-VUL-6100.

Description of the vulnerability 

The setlocale() function specifies the format of various items:
 - LC_COLLATE : character interval
 - LC_CTYPE : character type
 - LC_MONETARY : monetary value
 - LC_NUMERIC : number format (thousand separator)
 - LC_TIME : date and time
 - etc.
These formats can be set in environment variables.

When the LC_TIME variable contains over 580 characters, a buffer overflow occurs in the setlocale() implementation of libc of AIX.

The suid or sgid programs using setlocale() can thus be used by a local attacker to elevate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness alert impacts software or systems such as AIX.

Our Vigil@nce team determined that the severity of this computer vulnerability note is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this security bulletin.

Solutions for this threat 

AIX: APAR for setlocale.
An APAR will be available:
  AIX 5.1.0: IY88528 (6th of september 2006)
  AIX 5.2.0: IY88512 (6th of september 2006)
  AIX 5.3.0: IY88183 (6th of september 2006)
An ifix is available:
  ftp://aix.software.ibm.com/aix/efixes/security/setlocale_ifix.tar.Z
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability bulletins. The technology watch team tracks security threats targeting the computer system.