CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » AIX : Security Vulnerabilities (CVSS score between 4 and 4.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-2192 399 DoS 2012-06-20 2013-03-21
4.9
 None Local Low Not required None None Complete
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
2 CVE-2012-0723 20 DoS 2012-07-30 2013-04-01
4.9
 None Local Low Not required None None Complete
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
3 CVE-2011-1375 264 DoS 2011-11-11 2011-11-15
4.9
 None Local Low Not required None None Complete
IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.
4 CVE-2011-0637 DoS 2011-01-24 2011-02-05
4.9
 None Local Low Not required None None Complete
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
5 CVE-2009-0536 264 2009-02-11 2010-08-21
4.9
 None Local Low Not required Complete None None
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
6 CVE-2008-2514 119 Overflow +Priv 2008-06-02 2009-04-08
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
7 CVE-2008-1598 200 +Info 2008-03-31 2009-07-29
4.7
 None Local Medium Not required Complete None None
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
8 CVE-2008-1597 DoS 2008-03-31 2010-08-21
4.9
 None Local Low Not required None None Complete
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
9 CVE-2008-1595 264 +Info 2008-03-31 2009-03-04
4.9
 None Local Low Not required Complete None None
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
10 CVE-2008-1594 DoS 2008-03-31 2009-03-04
4.9
 None Local Low Not required None None Complete
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
11 CVE-2008-0589 200 +Info 2008-02-04 2008-10-23
4.9
 None Local Low Not required Complete None None
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
12 CVE-2008-0509 119 DoS Overflow +Priv 2008-01-31 2009-03-04
4.4
 None Local Medium Single system None None Complete
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
13 CVE-2007-4799 264 DoS 2007-09-10 2008-11-13
4.9
 None Local Low Not required None None Complete
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
14 CVE-2007-4228 DoS 2007-08-08 2008-11-15
4.7
 None Local Medium Not required None None Complete
rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
15 CVE-2007-2995 2007-06-04 2008-11-15
4.3
 None Remote Medium Not required None None Partial
Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
16 CVE-2007-0670 119 Exec Code Overflow 2007-02-02 2010-03-29
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
17 CVE-2007-0392 +Priv 2007-01-19 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
18 CVE-2006-6915 DoS 2006-12-31 2008-09-05
4.0
 None Remote Low Single system None None Partial
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.
19 CVE-2006-5007 +Priv 2006-09-26 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
20 CVE-2006-0674 DoS Overflow 2006-02-13 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.
21 CVE-2006-0667 2006-03-09 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.
22 CVE-2006-0666 DoS 2006-02-15 2008-09-05
4.9
 None Local Low Not required None None Complete
Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
23 CVE-2005-2232 Exec Code Overflow 2005-07-12 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.
24 CVE-2003-0914 2003-12-15 2008-09-10
4.3
 None Remote Medium Not required None Partial None
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
25 CVE-2002-1551 DoS Exec Code Overflow 2003-03-31 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
26 CVE-2002-1550 2003-03-31 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
27 CVE-2001-1096 Exec Code Overflow 2001-10-09 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
28 CVE-2001-1095 Exec Code Overflow 2001-10-09 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in uuq in AIX 4 could alllow local users to execute arbitrary code via a long -r parameter.
29 CVE-2001-0573 +Priv 2001-08-02 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
30 CVE-2000-1119 Exec Code Overflow 2001-01-09 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
31 CVE-1999-1079 +Priv 1999-05-06 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
32 CVE-1999-0129 1996-12-03 2008-09-09
4.6
 User Local Low Not required Partial Partial Partial
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
33 CVE-1999-0094 +Priv 1997-10-29 2008-09-09
4.6
 User Local Low Not required Partial Partial Partial
AIX piodmgrsu command allows local users to gain additional group privileges.
Total number of vulnerabilities : 33   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.