CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » AIX : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6335 264 Bypass 2014-08-26 2014-08-26
2.6
None Local High Not required Partial Partial None
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
2 CVE-2012-4833 264 2012-10-01 2013-02-13
2.1
None Local Low Not required None None Partial
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
3 CVE-2011-3982 399 DoS 2011-10-04 2012-05-14
2.1
None Local Low Not required None None Partial
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
4 CVE-2007-6680 2008-01-10 2008-09-05
2.1
None Local Low Not required None Partial None
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
5 CVE-2006-5004 2006-09-26 2008-09-05
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
6 CVE-2005-4273 2005-12-15 2011-09-06
2.1
None Local Low Not required None Partial None
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
7 CVE-2005-3289 2005-10-23 2008-09-05
2.1
None Local Low Not required None Partial None
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
8 CVE-2005-2238 DoS 2005-07-12 2008-09-05
2.1
None Local Low Not required None None Partial
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
9 CVE-2005-0991 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.
10 CVE-2005-0261 2005-02-10 2008-09-05
2.1
None Local Low Not required Partial None None
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
11 CVE-2005-0156 Exec Code Overflow 2005-02-07 2013-10-23
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
12 CVE-2004-0828 2004-11-03 2008-09-05
2.1
None Local Low Not required None Partial None
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
13 CVE-2002-1687 Overflow 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
14 CVE-2002-0790 +Priv 2002-08-12 2008-09-10
2.1
None Local Low Not required Partial None None
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
15 CVE-2000-0873 2000-11-14 2008-09-05
2.1
None Local Low Not required None Partial None
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
16 CVE-2000-0080 2000-01-10 2008-09-10
2.1
None Local Low Not required None Partial None
AIX techlibss allows local users to overwrite files via a symlink attack.
17 CVE-1999-1408 DoS 1997-03-05 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
18 CVE-1999-1117 1999-12-31 2008-09-09
2.1
None Local Low Not required Partial None None
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
19 CVE-1999-0851 DoS 1999-11-10 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in BIND named via naptr.
20 CVE-1999-0694 DoS 1999-08-11 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in AIX ptrace system call allows local users to crash the system.
Total number of vulnerabilities : 20   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.