CVE-2007-4353

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://aix.software.ibm.com/aix/efixes/security/README	Patch
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
http://www.securityfocus.com/bid/25270
http://www.securitytracker.com/id?1018549
http://secunia.com/advisories/26420	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/2860
https://exchange.xforce.ibmcloud.com/vulnerabilities/35971

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*

Information

Published : 2007-08-14 17:17

Updated : 2017-07-28 18:32

NVD link : CVE-2007-4353

Mitre link : CVE-2007-4353

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ibm

aix

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "ftp://aix.software.ibm.com/aix/efixes/security/README", "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531", "name": "IZ00531", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433", "name": "IZ01433", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.securityfocus.com/bid/25270", "name": "25270", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018549", "name": "1018549", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/26420", "name": "26420", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/2860", "name": "ADV-2007-2860", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35971", "name": "aix-chpath-rmpath-devinstall-bo(35971)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4353", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-08-15T00:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}