CVE-2003-0119

The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/8221
http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument
http://www.kb.cert.org/vuls/id/624713	Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/7264	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:4.3.3:::::::*
	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*

History

No history.

Information

Published : 2004-02-03 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2003-0119

Mitre link : CVE-2003-0119

CVE.ORG link : CVE-2003-0119

JSON object : View

Products Affected

ibm

aix

CWE

NVD-CWE-Other

{"id": "CVE-2003-0119", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-02-03T05:00:00.000", "references": [{"url": "http://secunia.com/advisories/8221", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/624713", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7264", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities."}, {"lang": "es", "value": "El demonio secldapclntd en AIX 4.3, 5.1 y 5.2usa un socket de Internet cuando se comunica con el loadmodule, lo que permite que atacantes remotos se conecten directamente al demonio y realicen actividades no autorizadas."}], "lastModified": "2008-09-05T20:33:31.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "465B06C4-136D-4CD8-BA38-B6B50511624C"}, {"criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A"}, {"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}