Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1599

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-1599
Last Modified 07 Mar 2011 10:07:20
Published 31 Mar 2008 07:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1599

Summary

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

Vulnerable Systems

Operating System

  • Ibm Aix 5.2

  • Ibm Aix 5.3

  • Ibm Aix 6.1


References

AIXAPAR - IZ17059

AIXAPAR - IZ17058

AIXAPAR - IZ16991

AIXAPAR - IZ16975

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156

VUPEN - ADV-2008-0865

SECTRACK - 1019604


Last Updated: 27 May 2016 10:47:36