Title: AIX tn3270 Core Dump Vulnerability
Severity: MODERATE
Description:
Tn3270 is an application under AIX which acts as a telnet client with IBM 3270 emulation. Certain versions of tn3270 under AIX use the system call gets() to take information from standard input. The gets() system call does not limit the size of the string which it is fed, however the tn3270 code attempts to place the information it recieves into a fixed buffer. This can result in a buffer overflow condition which in turn causes the program to dump core. Because tn3270 is SUID root, it is executed as root. Therefore any memory dump may contain priviliged information such as passwords and usernames.
Affected Products:
- IBM AIX 4.1.0
- IBM AIX 4.1.1
- IBM AIX 4.1.2
- IBM AIX 4.1.3
- IBM AIX 4.1.4
- IBM AIX 4.1.5
- IBM AIX 4.2.0
- IBM AIX 4.2.1
- IBM AIX 4.3.0
- IBM AIX 4.3.2
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
