Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4622

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-4622
Last Modified 07 Mar 2011 09:58:54
Published 05 Nov 2007 11:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-4622

Summary

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

Vulnerable Systems

Operating System

  • Ibm Aix 5.2


References

BID - 26262

CONFIRM - ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar

XF - aix-dig-dnsnamefromtext-integer-underflow(38169)

VUPEN - ADV-2007-3669

AIXAPAR - IZ05017

SECTRACK - 1018871

SECUNIA - 27437

IDEFENSE - 20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability


Last Updated: 27 May 2016 10:45:54