CVE-2005-2234

Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.caughq.org/advisories/CAU-2005-0005.txt	Vendor Advisory
http://www.security-focus.com/advisories/8684	Patch Vendor Advisory
http://www.securityfocus.com/bid/13914	Patch
http://securitytracker.com/id?1014132
http://secunia.com/advisories/15636	Patch Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.3_l:::::::*
	cpe:2.3:o:ibm:aix:5.1l:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.2:::::::*
	cpe:2.3:o:ibm:aix:5.2_l:::::::*
	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*

Information

Published : 2005-07-11 21:00

Updated : 2008-09-05 13:51

NVD link : CVE-2005-2234

Mitre link : CVE-2005-2234

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ibm

aix

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.caughq.org/advisories/CAU-2005-0005.txt", "name": "http://www.caughq.org/advisories/CAU-2005-0005.txt", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.security-focus.com/advisories/8684", "name": "http://www.security-focus.com/advisories/8684", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/13914", "name": "13914", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1014132", "name": "1014132", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/15636", "name": "15636", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2234", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-07-12T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:51Z"}