CVE-2008-1599

Sažetak

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

Reference

http://securitytracker.com/id?1019604
http://www.ibm.com/support/docview.wss?uid=isg1IZ16975
http://www.ibm.com/support/docview.wss?uid=isg1IZ16991
http://www.ibm.com/support/docview.wss?uid=isg1IZ17058
http://www.ibm.com/support/docview.wss?uid=isg1IZ17059
http://www.vupen.com/english/advisories/2008/0865
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

31-03-2008 - 23:44