Run From The IBM AIX Buffer Overflow Vulnerability

Ladies and gentlemen I welcome you to yet another fun and exciting, reading experience with regards to a vulnerability. What it is this time you may be wondering? Good question, this time I shall be sharing some information with regards to an IBM AIX Buffer Overflow Vulnerability. This vulnerability was discovered in IBM AIX, in the ToolTalk library.

This specific and dangerous vulnerability enables malicious individuals to execute arbitrary code. A remote user is able to execute arbitrary code on a targeted system. One of the of the client servers developed by IMB includes the IBM Lotus Notes. Some of the files with regard to IBM Lotus Notes may include but are not limited to the following: f10494_ntmulti.exe, f4700_nnotesmm.exe, f7076_nlnotes.exe, f7387_ntaskldr.exe, nsl.exe as well as nsl.exe1.

A remote user is able to send tampered with data to the rpc.ttdbserver. This will directly result in a buffer overflow, in the ToolTalk library (libtt.a), being triggered. A key aspect to take into consideration is that this code will unfortunately, run with root privileges.

The vulnerability can be found in the following locations:

• /usr/dt/lib/libtt.a
• /usr/dt/bin/rpc.ttdbserver

How do you know if your system is vulnerable?
If you would like to determine if your system is vulnerable you will need to accurately execute the following command: lslpp -L X11.Dt.ToolTalk 

The solution to this is to apply the available fixes and updates. It can thus be quoted in conclusion: "If computers get too powerful, we can organize them into a committee - that will do them in". - Bradley's Bromide