CVE-2006-1246

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
http://www.securityfocus.com/bid/17115
http://secunia.com/advisories/19235	Patch Vendor Advisory
http://www.osvdb.org/23921
http://securitytracker.com/id?1015786
http://attrition.org/pipermail/vim/2006-March/000641.html
http://www.nsfocus.com/english/homepage/research/0602.htm	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/0957	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
https://exchange.xforce.ibmcloud.com/vulnerabilities/25299

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

Information

Published : 2006-03-17 03:02

Updated : 2017-07-19 18:30

NVD link : CVE-2006-1246

Mitre link : CVE-2006-1246

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

ibm

aix

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739", "name": "IY82739", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.securityfocus.com/bid/17115", "name": "17115", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/19235", "name": "19235", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/23921", "name": "23921", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015786", "name": "1015786", "tags": [], "refsource": "SECTRACK"}, {"url": "http://attrition.org/pipermail/vim/2006-March/000641.html", "name": "20060323 IBM changing significant details?", "tags": [], "refsource": "VIM"}, {"url": "http://www.nsfocus.com/english/homepage/research/0602.htm", "name": "http://www.nsfocus.com/english/homepage/research/0602.htm", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2006/0957", "name": "ADV-2006-0957", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25849", "name": "aix-mklvcopy-code-execution(25849)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25299", "name": "aix-bosrtelvm-gain-privileges(25299)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1246", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-17T11:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:30Z"}