July 20, 2001

AIX libi18n vulnerability

Author: JT Smith

Help Net Security has an advisory for IBM's AIX versions 4.3.x and 5.1: "AIX ships with the library 'libi18n' located in the '/usr/ccs/lib' directory. This library contains a function that is vulnerable to a buffer overflow through the LANG environment variable.

An ordinary user has the ability to set the 'LANG' environment variable to any value they choose. When this variable is set to a suitably formatted string and a program is run which uses the vulnerable library, the program will terminate abnormally. If this program is also setuid root, aixterm for example, a malicious user has an opportunity to spawn a root shell and gain control of the machine."
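The advisory does not show the vulnerable function, so the following is an added example, not code from the advisory or from AIX: one way a privileged program can bound and validate the user-controlled LANG value before any locale code copies it into a fixed buffer. `LOCALE_MAX`, `locale_name_ok` and `safe_locale_copy` are hypothetical names, and the accepted character set is an assumption based on the usual `language[_territory][.codeset][@modifier]` shape.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCALE_MAX 32   /* assumed bound for this example, not an AIX constant */

/* Return 1 if s is a plausible locale name that fits in LOCALE_MAX bytes
 * (terminator included), else 0. Never reads past s[LOCALE_MAX - 1]. */
int locale_name_ok(const char *s)
{
    size_t i;
    if (s == NULL)
        return 0;
    for (i = 0; i < LOCALE_MAX && s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') ||
                 c == '_' || c == '.' || c == '@' || c == '-';
        if (!ok)
            return 0;           /* rejects '/', control bytes, high-bit bytes */
    }
    return i > 0 && i < LOCALE_MAX;   /* empty or over-long values fail */
}

/* Copy an untrusted locale name into dst, falling back to "C".
 * Returns 1 if the value was accepted, 0 on fallback, -1 on a bad buffer. */
int safe_locale_copy(const char *untrusted, char *dst, size_t dstlen)
{
    const char *src = "C";
    int accepted = 0;
    if (dst == NULL || dstlen < 2)
        return -1;
    if (locale_name_ok(untrusted) && strlen(untrusted) < dstlen) {
        src = untrusted;
        accepted = 1;
    }
    memcpy(dst, src, strlen(src) + 1);   /* length already proven to fit */
    return accepted;
}

int main(void)
{
    char locale[LOCALE_MAX];
    /* A setuid program would do this before calling into locale code. */
    int accepted = safe_locale_copy(getenv("LANG"), locale, sizeof locale);
    printf("LANG %s, using \"%s\"\n", accepted ? "accepted" : "rejected", locale);
    return 0;
}
```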


