Out-of-bounds write in IBM AIX

#VU7385 Out-of-bounds write in IBM AIX

Published: 2017-07-07

Vulnerability identifier: #VU7385

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6451

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
IBM AIX
Operating systems & Components / Operating system

Vendor:
IBM Corporation

Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to improper handling of the return value of the snprintf function by the mx4200_send function in the legacy MX4200 refclock in NTP. A local attacker can trigger out-of-bounds memory write and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Install update from vendor's website.

Vulnerable software versions

IBM AIX: 5.3 - 7.2

External links
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple NTP vulnerabilities in Junos OS and Junos OS Evolved

Multiple vulnerabilities in IBM AIX

Slackware Linux update for ntp

Amazon Linux AMI update for ntp