4.9

CVE-2008-1595

The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmAix Version5.2
IbmAix Version5.3
IbmAix Version6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.265
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securitytracker.com/id?1019606
http://www.securityfocus.com/bid/28467
Patch
http://www.vupen.com/english/advisories/2008/0865
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155
http://www.ibm.com/support/docview.wss?uid=isg1IZ06022
http://www.ibm.com/support/docview.wss?uid=isg1IZ06505
http://www.ibm.com/support/docview.wss?uid=isg1IZ06663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5321