Wazi » aix

Aix 6.1.3 and prior [Unknown Severity]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.3 and prior [Unknown Severity]

Description

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3699
Severity: Unknown Severity

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [High]

Description

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3516
Severity: High

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [Unknown Severity]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [Unknown Severity]

Description

nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3517
Severity: Unknown Severity

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [High]

Description

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-2727
Severity: High

NIST National Vulnerabilities Database

Aix 6.1 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1 and prior [High]

Description

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-2669
Severity: High

NIST National Vulnerabilities Database

Aix 5.3 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 5.3 [High]

Description

Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-2434
Severity: High

NIST National Vulnerabilities Database

Aix 5.3 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 5.3 [High]

Description

Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-1954
Severity: High

NIST National Vulnerabilities Database

Aix 6.1 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1 and prior [Medium]

Description

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-1786
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1 and prior [High]

Description

Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-1355
Severity: High

NIST National Vulnerabilities Database

Aix 6.1 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1 and prior [High]

Description

Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long “input string.”

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-0779
Severity: High

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [Medium]

Description

at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-0536
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1.14 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.14 and prior [Medium]

Description

Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-0435
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [High]

Description

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating “secure log files.”

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-0370
Severity: High

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [Medium]

Description

crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-5384
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [Medium]

Description

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-5385
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [Medium]

Description

Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-5386
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1.2 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1.2 and prior [Medium]

Description

Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-5387
Severity: Medium

NIST National Vulnerabilities Database

Aix 6.1 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 6.1 and prior [High]

Description

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-4018
Severity: High

NIST National Vulnerabilities Database

Aix 5.3.0 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 5.3.0 and prior [High]

Description

Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-6717
Severity: High

NIST National Vulnerabilities Database

Aix 8.1 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aix 8.1 and prior [Medium]

Description

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-3860
Severity: Medium

NIST National Vulnerabilities Database