CVE-2006-1247

rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/19656	Patch Vendor Advisory
http://securitytracker.com/id?1015952
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82357	Patch
http://www.nsfocus.com/english/homepage/research/0603.htm	Patch Vendor Advisory
http://www.osvdb.org/24706
http://www.securityfocus.com/archive/1/431846/100/0/threaded
http://www.securityfocus.com/archive/1/431848/100/0/threaded
http://www.securityfocus.com/bid/17576	Patch
http://www.vupen.com/english/advisories/2006/1389	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25848
http://secunia.com/advisories/19656	Patch Vendor Advisory
http://securitytracker.com/id?1015952
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82357	Patch
http://www.nsfocus.com/english/homepage/research/0603.htm	Patch Vendor Advisory
http://www.osvdb.org/24706
http://www.securityfocus.com/archive/1/431846/100/0/threaded
http://www.securityfocus.com/archive/1/431848/100/0/threaded
http://www.securityfocus.com/bid/17576	Patch
http://www.vupen.com/english/advisories/2006/1389	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25848

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.1l:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.0.50:::::::*
	cpe:2.3:o:ibm:aix:5.2.0.54:::::::*
	cpe:2.3:o:ibm:aix:5.2.2:::::::*
	cpe:2.3:o:ibm:aix:5.2_l:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:5.3.0:::::::*
	cpe:2.3:o:ibm:aix:5.3.0.10:::::::*
	cpe:2.3:o:ibm:aix:5.3.0.20:::::::*
	cpe:2.3:o:ibm:aix:5.3_l:::::::*
	cpe:2.3:o:ibm:aix:5.3_ml03:::::::*

History

21 Nov 2024, 00:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/19656 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/19656 - Patch, Vendor Advisory
References	~~() http://securitytracker.com/id?1015952 -~~	() http://securitytracker.com/id?1015952 -
References	~~() http://www-1.ibm.com/support/docview.wss?uid=isg1IY82357 - Patch~~	() http://www-1.ibm.com/support/docview.wss?uid=isg1IY82357 - Patch
References	~~() http://www.nsfocus.com/english/homepage/research/0603.htm - Patch, Vendor Advisory~~	() http://www.nsfocus.com/english/homepage/research/0603.htm - Patch, Vendor Advisory
References	~~() http://www.osvdb.org/24706 -~~	() http://www.osvdb.org/24706 -
References	~~() http://www.securityfocus.com/archive/1/431846/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/431846/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/431848/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/431848/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/17576 - Patch~~	() http://www.securityfocus.com/bid/17576 - Patch
References	~~() http://www.vupen.com/english/advisories/2006/1389 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/1389 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25848 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25848 -

Information

Published : 2006-04-19 16:06

Updated : 2024-11-21 00:08

NVD link : CVE-2006-1247

Mitre link : CVE-2006-1247

CVE.ORG link : CVE-2006-1247

JSON object : View

Products Affected

ibm

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

3.3 /10