7.2

CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmVios Version2.2.0.10
IbmVios Version2.2.0.11
IbmVios Version2.2.0.12
IbmVios Version2.2.0.13
IbmVios Version2.2.1.0
IbmVios Version2.2.1.1
IbmVios Version2.2.1.3
IbmVios Version2.2.1.4
IbmVios Version2.2.1.4 Updatefp-25_sp-02
IbmVios Version2.2.1.8
IbmVios Version2.2.1.9
IbmVios Version2.2.2.0
IbmVios Version2.2.2.4
IbmVios Version2.2.2.5
IbmVios Version2.2.3.0
IbmVios Version2.2.3.2
IbmVios Version2.2.3.3
IbmAix Version6.1
IbmAix Version7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.429
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc
Vendor Advisory
http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jul/31
http://secunia.com/advisories/59344
http://www.ibm.com/support/docview.wss?uid=isg1IV60935
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IV60940
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IV61311
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IV61313
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IV61314
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IV61315
Vendor Advisory
http://www.securityfocus.com/archive/1/532689/100/0/threaded
http://www.securityfocus.com/bid/68296
http://www.securitytracker.com/id/1030504
https://exchange.xforce.ibmcloud.com/vulnerabilities/93816
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/