7.2

CVE-2009-2669

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmAix Version5.3
IbmAix Version6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.488
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
http://secunia.com/advisories/36156
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35934
Patch
http://www.vupen.com/english/advisories/2009/2151