Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4845
Last Modified 05 Dec 2013 12:18:47
Published 20 Oct 2012 06:41:27
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4845

Summary

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Vulnerable Systems

Operating System

  • IBM AIX 6.1

  • IBM AIX 7.1

  • IBM VIOS 2.2.1.4


References

XF - aix-ftp-setuid(79279)

AIXAPAR - IV28787

AIXAPAR - IV28785

AIXAPAR - IV28715

AIXAPAR - IV23331

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc

BID - 56134


Last Updated: 27 May 2016 10:53:38