


COMMAND

    gethostbyname()

SYSTEM AFFECTED

    IBM AIX(r) 3.2.x, 4.1.x, 4.2.x

PROBLEM

    Under certain conditions, the "gethostbyname()" library function
    provided with IBM AIX versions 3.2.x, 4.1.x, and 4.2.x can
    encounter a buffer overrun that allows information on the program
    stack to be corrupted.

    Many set-user-id and set-group-id programs, as well as many
    network programs running with super-user privileges, make use of
    the "gethostbyname()" library function. Corrupting the program
    stack of these programs may allow arbitrary user-provided code to
    be executed inadvertently.

    If successfully exploited, this buffer overrun condition could be
    used to gain super-user access to the system. Such an action
    could be initiated over the network from a remote system, or by a
    user on the local system. Penetration through a firewall may
    also be possible, depending on which services and applications
    are permitted by the firewall system.

SOLUTION

    Get the patch. So far nobody has exploited this one on AIX, only
    on Sun.



