iDefense Security Advisory 04.15.09 – Local exploitation of a buffer overflow vulnerability in IBM Corp.’s Advanced Interactive eXecutive (AIX) could allow an attacker to gain root privileges. The set-uid root binary “muxatmd” concatenates the calling program name with the static string “.pid”. The destination buffer passed to the function call used for concatenation is a static-sized stack buffer. Since no bounds checking is performed, a stack-based buffer overflow can occur when a long program name is given. iDefense has confirmed the existence of this vulnerability in IBM Corp.’s AIX version 5.3 (5300-09-02-0849). Other versions may also be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76707/04.15.09-1.txt
Source: https://packetstormsecurity.com/files/76707/iDEFENSE-Security-Advisory-2009-04-15.1.html