CVE-2008-1599

Name of the Vulnerable Software and Affected Versions IBM AIX versions 5.2 through 6.1

Description The issue is related to the improper handling of environment variables by the nddstat programs. This allows local users to gain privileges by invoking certain programs, including atmstat, entstat, fddistat, hdlcstat, or tokstat.

Recommendations For IBM AIX versions 5.2 through 6.1, consider restricting access to the nddstat programs until a proper fix is applied. As a temporary workaround, avoid invoking the atmstat, entstat, fddistat, hdlcstat, or tokstat programs with untrusted environment variables.