Vulnerability-Lookup

CVE-2012-4833 (GCVE-0-2012-4833)

Vulnerability from cvelistv5 – Published: 2012-10-01 18:00 – Updated: 2024-08-06 20:50

Summary

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=isg1IV28756	vendor-advisoryx_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IV28754	vendor-advisoryx_refsource_AIXAPAR
	http://aix.software.ibm.com/aix/efixes/security/f…	x_refsource_CONFIRM
	http://www.ibm.com/support/docview.wss?uid=isg1IV28151	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/50708	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/55726	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1027586	vdb-entryx_refsource_SECTRACK
	http://www.ibm.com/support/docview.wss?uid=isg1IV28749	vendor-advisoryx_refsource_AIXAPAR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:17.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "aix-fuser-kill-process(78907)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
          },
          {
            "name": "IV28756",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
          },
          {
            "name": "IV28754",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
          },
          {
            "name": "IV28151",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
          },
          {
            "name": "50708",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50708"
          },
          {
            "name": "55726",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55726"
          },
          {
            "name": "1027586",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027586"
          },
          {
            "name": "IV28749",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "aix-fuser-kill-process(78907)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
        },
        {
          "name": "IV28756",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
        },
        {
          "name": "IV28754",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
        },
        {
          "name": "IV28151",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
        },
        {
          "name": "50708",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50708"
        },
        {
          "name": "55726",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55726"
        },
        {
          "name": "1027586",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027586"
        },
        {
          "name": "IV28749",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-4833",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "aix-fuser-kill-process(78907)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
            },
            {
              "name": "IV28756",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
            },
            {
              "name": "IV28754",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
            },
            {
              "name": "IV28151",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
            },
            {
              "name": "50708",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50708"
            },
            {
              "name": "55726",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55726"
            },
            {
              "name": "1027586",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027586"
            },
            {
              "name": "IV28749",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-4833",
    "datePublished": "2012-10-01T18:00:00",
    "dateReserved": "2012-09-06T00:00:00",
    "dateUpdated": "2024-08-06T20:50:17.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-4833\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-10-01T18:55:01.127\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.\"},{\"lang\":\"es\",\"value\":\"fuser en IBM AIX v6.1 y v7.1, y VIOS v2.2.1.4-FP-25 SP-02, no restringen adecuadamente la opci\u00f3n -k, que permite a usuarios locales matar procesos de su elecci\u00f3n a trav\u00e9s de una linea de comandos modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:2.2.1.4:fp-25_sp-02:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BBC4752-37F3-4AB9-9EFA-D52D65AECC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD518B94-9CD7-4C45-8766-578CF427B4CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0402E20C-8B41-4A2A-BFF9-92EC843985F0\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50708\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28151\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28749\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28754\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28756\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securityfocus.com/bid/55726\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securitytracker.com/id?1027586\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78907\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28749\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IV28756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/55726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2012-4833

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Aliases

CVE-2012-4833

Aliases

CVE-2012-4833

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-4833",
    "description": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.",
    "id": "GSD-2012-4833"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-4833"
      ],
      "details": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.",
      "id": "GSD-2012-4833",
      "modified": "2023-12-13T01:20:15.061144Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2012-4833",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "aix-fuser-kill-process(78907)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
          },
          {
            "name": "IV28756",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
          },
          {
            "name": "IV28754",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc",
            "refsource": "CONFIRM",
            "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
          },
          {
            "name": "IV28151",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
          },
          {
            "name": "50708",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/50708"
          },
          {
            "name": "55726",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/55726"
          },
          {
            "name": "1027586",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027586"
          },
          {
            "name": "IV28749",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.4:fp-25_sp-02:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-4833"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV28749",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
            },
            {
              "name": "IV28151",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
            },
            {
              "name": "IV28754",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
            },
            {
              "name": "IV28756",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
            },
            {
              "name": "55726",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/55726"
            },
            {
              "name": "50708",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/50708"
            },
            {
              "name": "1027586",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027586"
            },
            {
              "name": "aix-fuser-kill-process(78907)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-08-31T15:43Z",
      "publishedDate": "2012-10-01T18:55Z"
    }
  }
}

FKIE_CVE-2012-4833

Vulnerability from fkie_nvd - Published: 2012-10-01 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

References

URL	Tags
psirt@us.ibm.com	http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc	Patch, Vendor Advisory
psirt@us.ibm.com	http://secunia.com/advisories/50708
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=isg1IV28151
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=isg1IV28749
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=isg1IV28754
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=isg1IV28756
psirt@us.ibm.com	http://www.securityfocus.com/bid/55726
psirt@us.ibm.com	http://www.securitytracker.com/id?1027586
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78907
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50708
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IV28151
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IV28749
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IV28754
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IV28756
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55726
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027586
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78907

Impacted products

Vendor	Product	Version
ibm	vios	2.2.1.4
ibm	aix	6.1
ibm	aix	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:vios:2.2.1.4:fp-25_sp-02:*:*:*:*:*:*",
              "matchCriteriaId": "4BBC4752-37F3-4AB9-9EFA-D52D65AECC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0402E20C-8B41-4A2A-BFF9-92EC843985F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line."
    },
    {
      "lang": "es",
      "value": "fuser en IBM AIX v6.1 y v7.1, y VIOS v2.2.1.4-FP-25 SP-02, no restringen adecuadamente la opci\u00f3n -k, que permite a usuarios locales matar procesos de su elecci\u00f3n a trav\u00e9s de una linea de comandos modificada."
    }
  ],
  "id": "CVE-2012-4833",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-01T18:55:01.127",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/50708"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/55726"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id?1027586"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7M3H-259R-858P

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-4833"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-01T18:55:00Z",
    "severity": "LOW"
  },
  "details": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.",
  "id": "GHSA-7m3h-259r-858p",
  "modified": "2022-05-13T01:06:58Z",
  "published": "2022-05-13T01:06:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4833"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50708"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/55726"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027586"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2012-AVI-540

Vulnerability from certfr_avis - Published: 2012-10-02 - Updated: 2012-10-02

Une vulnérabilité a été corrigée dans IBM AIX. Elle permet à un utilisateur local de provoquer la fermeture du processus d'un autre utilisateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	AIX	IBM AIX version 6.1
	IBM	AIX	IBM AIX version 7.1

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-4833 (GCVE-0-2012-4833)

GSD-2012-4833

FKIE_CVE-2012-4833

GHSA-7M3H-259R-858P

CERTA-2012-AVI-540

Solution

Tags

Sightings

Nomenclature