gethostbyname()

COMMAND

    gethostbyname()

SYSTEMS AFFECTED

    AIX(r) 3.2.x, 4.1.x, 4.2.x

PROBLEM

    Under certain conditions, the "gethostbyname()" library function
    provided with IBM AIX versions 3.2.x, 4.1.x and 4.2.x can encounter a
    buffer overrun that allows information on the program stack to be
    corrupted. Many set-user-id and set-group-id programs, as well as many
    network programs running with super-user privileges, make use of the
    "gethostbyname()" library function. Corrupting the program stack of
    these programs may allow arbitrary user-provided code to be executed
    inadvertently.

    If successfully exploited, this buffer overrun condition could be used
    to gain super-user access to the system. Such an action could be
    initiated over the network from a remote system or by a user on the
    local system. Penetration through a firewall may also be possible,
    depending on which services and applications are permitted by the
    firewall system.

SOLUTION

    Get the patch. (So far nobody has exploited this one on AIX, only on
    Sun.)