A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.
Max CVSS
9.1
EPSS Score
0.19%
Published
2018-02-13
Updated
2019-10-03
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
Max CVSS
10.0
EPSS Score
7.65%
Published
2010-08-30
Updated
2018-11-28
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Max CVSS
10.0
EPSS Score
22.69%
Published
2010-05-20
Updated
2018-10-10
CVE-2009-3699
Public exploit
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Max CVSS
10.0
EPSS Score
75.53%
Published
2009-10-15
Updated
2017-08-17
nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
Max CVSS
10.0
EPSS Score
1.59%
Published
2009-10-01
Updated
2017-09-19
CVE-2009-2727
Public exploit
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
Max CVSS
9.3
EPSS Score
94.34%
Published
2009-08-10
Updated
2009-08-11
Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
Max CVSS
10.0
EPSS Score
1.27%
Published
2006-09-27
Updated
2017-07-20
Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.
Max CVSS
10.0
EPSS Score
7.41%
Published
2005-12-15
Updated
2018-10-19
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
0.69%
Published
2005-05-02
Updated
2008-09-05
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
Max CVSS
10.0
EPSS Score
0.34%
Published
2004-12-31
Updated
2017-07-11
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
Max CVSS
10.0
EPSS Score
85.17%
Published
2004-05-04
Updated
2017-10-11
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
Max CVSS
10.0
EPSS Score
0.29%
Published
2003-10-06
Updated
2008-09-10
CVE-2003-0694
Public exploit
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Max CVSS
10.0
EPSS Score
5.70%
Published
2003-10-06
Updated
2018-10-30
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
Max CVSS
10.0
EPSS Score
1.27%
Published
2004-03-29
Updated
2017-07-11
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
Max CVSS
10.0
EPSS Score
0.18%
Published
2002-12-31
Updated
2008-09-05
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
Max CVSS
10.0
EPSS Score
0.31%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
Max CVSS
10.0
EPSS Score
0.21%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
Max CVSS
10.0
EPSS Score
1.97%
Published
2002-04-22
Updated
2008-09-05
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
Max CVSS
10.0
EPSS Score
0.44%
Published
2003-04-22
Updated
2008-09-05
Buffer overflow in lsmcode in AIX 4.3.3.
Max CVSS
10.0
EPSS Score
0.45%
Published
2002-08-12
Updated
2008-09-05
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
Max CVSS
10.0
EPSS Score
0.28%
Published
2002-08-12
Updated
2008-09-05
Buffer overflow in uucp in AIX 4.3.3.
Max CVSS
10.0
EPSS Score
0.28%
Published
2002-08-12
Updated
2008-09-05
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
Max CVSS
10.0
EPSS Score
0.28%
Published
2002-08-12
Updated
2008-09-05
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
Max CVSS
10.0
EPSS Score
0.28%
Published
2002-08-12
Updated
2008-09-05
Buffer overflow in pioout on AIX 4.3.3.
Max CVSS
10.0
EPSS Score
0.28%
Published
2002-08-12
Updated
2008-09-05