Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-594
Vulnerability from certfr_avis - Published: 2008-12-11 - Updated: 2008-12-11
Plusieurs vulnérabilités sont présentes dans IBM AIX et permettent à un utilisateur local malintentionné d'élever ses privilèges et de porter atteinte à l'intégrité des données.
Description
Plusieurs vulnérabilités permettant à un utilisateur local d'élever ses privilèges sont présentes dans le système d'exploitation IBM AIX :
- la première est relative à la commande /usr/sbin/ndp qui présente une erreur de type débordement de mémoire si le service netcd est lancé ;
- la seconde concerne la commande /usr/sbin/autoconf6 qui présente une
erreur de type débordement de mémoire et peut être exploitée si la
fonction RBAC est utilisée et que l'attaquant possède la permission
:
aix.network.config.tcpip ; - la troisième est relative à la commande /usr/bin/enq qui permet, sous certaines conditions, de supprimer des fichiers du système ;
- la dernière concerne la commande /usr/bin/crontab qui permet, sous certaines conditions, de donner des privilèges élevés à l'éditeur qu'il appelle.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM AIX 6.1.x.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM AIX 6.1.x.\u003c/P\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s permettant \u00e0 un utilisateur local d\u0027\u00e9lever ses\nprivil\u00e8ges sont pr\u00e9sentes dans le syst\u00e8me d\u0027exploitation IBM AIX :\n\n- la premi\u00e8re est relative \u00e0 la commande /usr/sbin/ndp qui pr\u00e9sente\n une erreur de type d\u00e9bordement de m\u00e9moire si le service netcd est\n lanc\u00e9 ;\n- la seconde concerne la commande /usr/sbin/autoconf6 qui pr\u00e9sente une\n erreur de type d\u00e9bordement de m\u00e9moire et peut \u00eatre exploit\u00e9e si la\n fonction RBAC est utilis\u00e9e et que l\u0027attaquant poss\u00e8de la permission\n : \n aix.network.config.tcpip ;\n- la troisi\u00e8me est relative \u00e0 la commande /usr/bin/enq qui permet,\n sous certaines conditions, de supprimer des fichiers du syst\u00e8me ;\n- la derni\u00e8re concerne la commande /usr/bin/crontab qui permet, sous\n certaines conditions, de donner des privil\u00e8ges \u00e9lev\u00e9s \u00e0 l\u0027\u00e9diteur\n qu\u0027il appelle.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-5386",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5386"
},
{
"name": "CVE-2008-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5387"
},
{
"name": "CVE-2008-5384",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5384"
},
{
"name": "CVE-2008-5385",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5385"
}
],
"initial_release_date": "2008-12-11T00:00:00",
"last_revision_date": "2008-12-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 AIX du 26 novembre 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
}
],
"reference": "CERTA-2008-AVI-594",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans IBM AIX et permettent \u00e0 un\nutilisateur local malintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges et de porter\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM AIX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM AIX du 26 novembre 2008",
"url": null
}
]
}
CVE-2008-5384 (GCVE-0-2008-5384)
Vulnerability from cvelistv5 – Published: 2008-12-09 00:00 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32916 | third-party-advisoryx_refsource_SECUNIA |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www.securitytracker.com/id?1021291 | vdb-entryx_refsource_SECTRACK |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://aix.software.ibm.com/aix/efixes/security/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/bid/32493 | vdb-entryx_refsource_BID |
| http://osvdb.org/50218 | vdb-entryx_refsource_OSVDB |
Date Public
2008-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32916"
},
{
"name": "IZ30248",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248"
},
{
"name": "IZ34783",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34783"
},
{
"name": "1021291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021291"
},
{
"name": "IZ34478",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34478"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:5612",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5612"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "50218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32916"
},
{
"name": "IZ30248",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248"
},
{
"name": "IZ34783",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34783"
},
{
"name": "1021291",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021291"
},
{
"name": "IZ34478",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34478"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:5612",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5612"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "50218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50218"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32916"
},
{
"name": "IZ30248",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248"
},
{
"name": "IZ34783",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34783"
},
{
"name": "1021291",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021291"
},
{
"name": "IZ34478",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34478"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:5612",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5612"
},
{
"name": "32493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "50218",
"refsource": "OSVDB",
"url": "http://osvdb.org/50218"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5384",
"datePublished": "2008-12-09T00:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5385 (GCVE-0-2008-5385)
Vulnerability from cvelistv5 – Published: 2008-12-09 00:00 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/50217 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/32916 | third-party-advisoryx_refsource_SECUNIA |
| http://aix.software.ibm.com/aix/efixes/security/a… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32493 | vdb-entryx_refsource_BID |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www.securitytracker.com/id?1021290 | vdb-entryx_refsource_SECTRACK |
Date Public
2008-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50217"
},
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32916"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "IZ34481",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
},
{
"name": "IZ33088",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
},
{
"name": "IZ34785",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
},
{
"name": "1021290",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50217"
},
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32916"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "IZ34481",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
},
{
"name": "IZ33088",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
},
{
"name": "IZ34785",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
},
{
"name": "1021290",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50217",
"refsource": "OSVDB",
"url": "http://osvdb.org/50217"
},
{
"name": "32916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32916"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "32493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "IZ34481",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
},
{
"name": "IZ33088",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
},
{
"name": "IZ34785",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
},
{
"name": "1021290",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5385",
"datePublished": "2008-12-09T00:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5386 (GCVE-0-2008-5386)
Vulnerability from cvelistv5 – Published: 2008-12-09 00:00 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32916 | third-party-advisoryx_refsource_SECUNIA |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://osvdb.org/50215 | vdb-entryx_refsource_OSVDB |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://aix.software.ibm.com/aix/efixes/security/a… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32493 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1021288 | vdb-entryx_refsource_SECTRACK |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
Date Public
2008-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32916"
},
{
"name": "IZ35170",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35170"
},
{
"name": "50215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50215"
},
{
"name": "IZ35209",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "1021288",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021288"
},
{
"name": "IZ35181",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32916"
},
{
"name": "IZ35170",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35170"
},
{
"name": "50215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50215"
},
{
"name": "IZ35209",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "1021288",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021288"
},
{
"name": "IZ35181",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32916"
},
{
"name": "IZ35170",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35170"
},
{
"name": "50215",
"refsource": "OSVDB",
"url": "http://osvdb.org/50215"
},
{
"name": "IZ35209",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35209"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "32493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "1021288",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021288"
},
{
"name": "IZ35181",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ35181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5386",
"datePublished": "2008-12-09T00:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5387 (GCVE-0-2008-5387)
Vulnerability from cvelistv5 – Published: 2008-12-09 00:00 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://secunia.com/advisories/32916 | third-party-advisoryx_refsource_SECUNIA |
| http://aix.software.ibm.com/aix/efixes/security/a… | x_refsource_CONFIRM |
| http://osvdb.org/50216 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/32493 | vdb-entryx_refsource_BID |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=isg… | vendor-advisoryx_refsource_AIXAPAR |
| http://www.securitytracker.com/id?1021289 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2008-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IZ34393",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34393"
},
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32916"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "50216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50216"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "IZ30231",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30231"
},
{
"name": "IZ34753",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34753"
},
{
"name": "1021289",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021289"
},
{
"name": "oval:org.mitre.oval:def:6303",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IZ34393",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34393"
},
{
"name": "32916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32916"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "50216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50216"
},
{
"name": "32493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "IZ30231",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30231"
},
{
"name": "IZ34753",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34753"
},
{
"name": "1021289",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021289"
},
{
"name": "oval:org.mitre.oval:def:6303",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IZ34393",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34393"
},
{
"name": "32916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32916"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "50216",
"refsource": "OSVDB",
"url": "http://osvdb.org/50216"
},
{
"name": "32493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "IZ30231",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30231"
},
{
"name": "IZ34753",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34753"
},
{
"name": "1021289",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021289"
},
{
"name": "oval:org.mitre.oval:def:6303",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5387",
"datePublished": "2008-12-09T00:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…