7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
0.4%
There is a buffer overflow in the enq command that may allow a local attacker to gain root privileges.
The enq command is used to add entries to a queue, usually for printing. There is a buffer overflow in the -M argument to the enq command.
An attacker with access to a local user account may be able to gain root privileges.
Apply a Patch
IBM has released patches to correct this problem. For AIX version 4.2, system adminstrators should apply APAR#IY08287. For AIX version 4.3, system administrators should apply APAR#IY08143. The patches for this problem also correct a vulnerability in the digest command.
Javascript is disabled. Click here to view vendors.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Cory Cohen.
CVE IDs: | CVE-2000-1121 |
---|---|
Severity Metric: | 7.09 Date Public: |
techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA137627+STIY08287+USbin
techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=DVhuron.boulder.ibm.com+DBAIX+DA139925+STIY08143+USbin
techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08143
techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY08287
www.rs6000.ibm.com/idd500/usr/share/man/info/en_US/a_doc_lib/cmds/aixcmds2/enq.htm#A200977f
www.securityfocus.com/bid/2034
xforce.iss.net/static/5619.php