CVE-2007-4353

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://aix.software.ibm.com/aix/efixes/security/README	Patch
http://secunia.com/advisories/26420	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
http://www.securityfocus.com/bid/25270
http://www.securitytracker.com/id?1018549
http://www.vupen.com/english/advisories/2007/2860
https://exchange.xforce.ibmcloud.com/vulnerabilities/35971

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*

History

No history.

Information

Published : 2007-08-15 00:17

Updated : 2024-02-28 11:01

NVD link : CVE-2007-4353

Mitre link : CVE-2007-4353

CVE.ORG link : CVE-2007-4353

JSON object : View

Products Affected

ibm

aix

CWE

NVD-CWE-Other

{"id": "CVE-2007-4353", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-15T00:17:00.000", "references": [{"url": "ftp://aix.software.ibm.com/aix/efixes/security/README", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26420", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25270", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018549", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2860", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35971", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en IBM AIX 5.2 y 5.3 permiten a usuarios locales en el grupo system obtener privilegios de root mediante vectores no especificados involucrando los programas (1) chpath, (2) rmpath, y (3) devinstall en bos.rte.methods."}], "lastModified": "2017-07-29T01:32:52.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}