6.9

CVE-2009-1786

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmAix Version5.3
IbmAix Version6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.469
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://aix.software.ibm.com/aix/efixes/security/libc_advisory.asc
Patch
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=802
http://secunia.com/advisories/35146
Vendor Advisory
http://securitytracker.com/id?1022261
Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ50121
http://www.ibm.com/support/docview.wss?uid=isg1IZ50129
http://www.ibm.com/support/docview.wss?uid=isg1IZ50139
http://www.ibm.com/support/docview.wss?uid=isg1IZ50445
http://www.ibm.com/support/docview.wss?uid=isg1IZ50447
http://www.ibm.com/support/docview.wss?uid=isg1IZ50500
http://www.ibm.com/support/docview.wss?uid=isg1IZ50517
http://www.osvdb.org/54617
http://www.securityfocus.com/bid/35034
http://www.vupen.com/english/advisories/2009/1380
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6276
https://www.exploit-db.com/exploits/9306