Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0745

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2012-0745
Last Modified 03 Jan 2013 11:35:49
Published 04 May 2012 12:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-0745

Summary

The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

Vulnerable Systems

Operating System

  • Ibm Aix 5.3

  • Ibm Aix 6.1

  • Ibm Aix 7.1

Application

  • Ibm Vios 2.1.0.10

  • Ibm Vios 2.1.2.12

  • Ibm Vios 2.1.2.13

  • Ibm Vios 2.1.3.10

  • Ibm Vios 2.2.0.10

  • Ibm Vios 2.2.0.11

  • Ibm Vios 2.2.0.12

  • Ibm Vios 2.2.0.13

  • Ibm Vios 2.2.1.0

  • Ibm Vios 2.2.1.1

  • Ibm Vios 2.2.1.3


References

XF - aix-getpwnam-privilege-escalation(74679)

AIXAPAR - IV19098

AIXAPAR - IV19097

AIXAPAR - IV19077

AIXAPAR - IV18638

AIXAPAR - IV18637

AIXAPAR - IV18464

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc

OSVDB - 81683


Last Updated: 27 May 2016 10:57:32