Unrated severity · NVD Advisory · Published Sep 30, 1999 · Updated Apr 16, 2026

CVE-1999-1583

Description

A buffer overflow in AIX 4.3's nslookup lets local users gain root privileges via a long hostname.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A buffer overflow vulnerability exists in the nslookup command on IBM AIX version 4.3. When a long hostname is provided as a command-line argument, the program fails to properly bounds-check the input before copying it into a fixed-size buffer, leading to memory corruption. The affected versions are AIX 4.3 systems lacking APAR#IY02120 [1].

Exploitation

An attacker must have local access to the vulnerable AIX system. By providing an overly long hostname string as an argument to nslookup, the overflow can be triggered. The attacker can craft the input to overwrite critical memory regions, such as the saved instruction pointer, and redirect execution to attacker-controlled shellcode. No authentication beyond a local account is required; no user interaction is needed beyond executing the command [1][2].

Impact

Successful exploitation allows a local attacker to execute arbitrary code with root privileges. This means an unprivileged user can fully compromise the system, gaining complete control over the operating system, including the ability to read, modify, or delete any file, install malware, or pivot to other systems [1].

Mitigation

IBM released a patch to fix this vulnerability. System administrators should apply APAR#IY02120 for AIX version 4.3. As the vulnerability is publicly known and has reportedly been exploited, applying the patch is critical [1]. The reference for the APAR indicates it is available from IBM support [2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IBM/Aix (2 versions)
    • cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*
    • (no CPE), range: = 4.3

Patches

0

No patches discovered yet.

References

3
