SSD Advisory – IBM AIX snmpd ASN.1 OID parsing stack overflow

TL;DR


Find out how a vulnerability in IBM AIX’s snmpd service allows an unauthenticated attacker to trigger a stack overflow and potentially run arbitrary code on the server with root privileges.


Vulnerability Summary


IBM AIX (Advanced Interactive eXecutive) is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms. Originally released for the IBM RT PC RISC workstation, AIX now supports or has supported a wide variety of hardware platforms, including the IBM RS/6000 series and later POWER and PowerPC-based systems, AS400 hardware (which runs the OS IBM iSeries aka IBM System i), System/370 mainframes, PS/2 personal computers, and the Apple Network Server.


A vulnerability in AIX’s snmpd service allow unauthenticated attackers to trigger a stack overflow in the service and potentially cause it to execute arbitrary code with root privileges.


Credit


Independent security researcher, Hacker Fantastic ( hackerfantastic ), has reported this vulnerability to the SSD Secure Disclosure program.


Affected Versions


IBM AIX 5.3 and prior


IBM AIX 6.0 is suspected as being vulnerable


NOTE: IBM AIX 7.0 and prior are considered End of Life and are no longer supported, that said, they are still very much present and being in use in large companies – and thus we urge system administrators using this OS to contact IBM for a solution


Vendor Response


As the product is not currently supported, we had no way to get a patch or vendor respond for this vulnerability.


Many of our partners consist of institutional corporations working with AIX hardware. Firms not upgraded to the latest version where this exploi ..