Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8904

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2014-8904
Last Modified 17 Sep 2015 02:12:17
Published 15 Jan 2015 05:59:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-8904

Summary

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

Vulnerable Systems

Operating System

  • Ibm Aix 5.3

  • Ibm Aix 6.1

  • Ibm Aix 7.1

  • Ibm Vios 2.2.0.10

  • Ibm Vios 2.2.0.11

  • Ibm Vios 2.2.0.12

  • Ibm Vios 2.2.0.13

  • Ibm Vios 2.2.1.0

  • Ibm Vios 2.2.1.1

  • Ibm Vios 2.2.1.3

  • Ibm Vios 2.2.1.4

  • Ibm Vios 2.2.1.5

  • Ibm Vios 2.2.1.6

  • Ibm Vios 2.2.1.7

  • Ibm Vios 2.2.1.8

  • Ibm Vios 2.2.1.9

  • Ibm Vios 2.2.2.0

  • Ibm Vios 2.2.2.1

  • Ibm Vios 2.2.2.2

  • Ibm Vios 2.2.2.3

  • Ibm Vios 2.2.2.4

  • Ibm Vios 2.2.2.5

  • Ibm Vios 2.2.3.0

  • Ibm Vios 2.2.3.1

  • Ibm Vios 2.2.3.2

  • Ibm Vios 2.2.3.3

  • Ibm Vios 2.2.3.4


References

XF - ibm-aix-cve20148904-sec-bypass(99193)

AIXAPAR - IV68478

AIXAPAR - IV68082

AIXAPAR - IV68070

AIXAPAR - IV67908

AIXAPAR - IV67907

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc

SECUNIA - 62195

SECTRACK - 1031596


Last Updated: 27 May 2016 11:07:33