CVEdetails.com the ultimate security vulnerability data source

IBM : Security Vulnerabilities Published In 2008 (Gain Privilege)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2008-5387 | 119 | | Overflow +Priv | 2008-12-08 | 2010-08-21 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
2 | CVE-2008-5386 | 119 | | Overflow +Priv | 2008-12-08 | 2008-12-17 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
3 | CVE-2008-5384 | 264 | | +Priv | 2008-12-08 | 2010-08-21 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
4 | CVE-2008-4018 | 264 | | +Priv | 2008-09-10 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
5 | CVE-2008-3855 | 264 | | +Priv | 2008-08-28 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
6 | CVE-2008-2515 | 264 | | +Priv | 2008-06-02 | 2011-05-06 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
7 | CVE-2008-2514 | 119 | | Overflow +Priv | 2008-06-02 | 2013-07-16 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
8 | CVE-2008-2221 | | | +Priv | 2008-05-14 | 2009-06-17 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
9 | CVE-2008-1710 | 264 | | +Priv | 2008-04-09 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
10 | CVE-2008-1601 | 119 | | Overflow +Priv | 2008-03-31 | 2009-08-19 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
11 | CVE-2008-1600 | 264 | | +Priv | 2008-03-31 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
12 | CVE-2008-1599 | 264 | | +Priv | 2008-03-31 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
13 | CVE-2008-1593 | 264 | | +Priv | 2008-03-31 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
14 | CVE-2008-0949 | | | +Priv | 2008-03-17 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
15 | CVE-2008-0697 | 264 | | +Priv | 2008-02-11 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
16 | CVE-2008-0588 | 264 | | Overflow +Priv | 2008-02-04 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
17 | CVE-2008-0587 | 119 | | Overflow +Priv | 2008-02-04 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
18 | CVE-2008-0586 | 119 | | Overflow +Priv | 2008-02-04 | 2012-11-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.
19 | CVE-2008-0584 | 264 | | Overflow +Priv | 2008-02-04 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.
20 | CVE-2008-0509 | 119 | | DoS Overflow +Priv | 2008-01-31 | 2009-03-04 | 4.4 | None | Local | Medium | Single system | None | None | Complete
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
21 | CVE-2007-6717 | 119 | | Overflow +Priv | 2008-09-10 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
22 | CVE-2007-5764 | 119 | | Overflow +Priv | 2008-01-24 | 2009-03-04 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
23 | CVE-2007-5757 | 264 | | +Priv | 2008-02-12 | 2008-09-05 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
Total number of vulnerabilities: 23