ID CVE-2003-1018 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:29:00
Description
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
{"osvdb": [{"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2003-1018"], "edition": 1, "description": "## Vulnerability Description\nIBM AIX versions 4.3.3, 5.1.0, and 5.2.0 contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a format string attack caused by a vulnerability in the \"enq\" program.\n## Technical Description\nIBM provides the following official fixes:\n \n APAR number for AIX 4.3.3: IY45253 (available)\n APAR number for AIX 5.1.0: IY46255 (available)\n APAR number for AIX 5.2.0: IY45329 (available)\n \n \n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.\n## Short Description\nIBM AIX versions 4.3.3, 5.1.0, and 5.2.0 contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a format string attack caused by a vulnerability in the \"enq\" program.\n## References:\nVendor Specific Solution URL: http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp\n[Vendor Specific Advisory URL](http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1600.1)\n[Secunia Advisory ID:10470](https://secuniaresearch.flexerasoftware.com/advisories/10470/)\n[Nessus Plugin ID:14420](https://vulners.com/search?query=pluginID:14420)\n[Nessus Plugin ID:14414](https://vulners.com/search?query=pluginID:14414)\nISS X-Force ID: 14037\n[CVE-2003-1018](https://vulners.com/cve/CVE-2003-1018)\n", "modified": "2003-12-17T00:00:00", "published": "2003-12-17T00:00:00", "id": "OSVDB:3090", "href": "https://vulners.com/osvdb/OSVDB:3090", "title": "AIX enq Privilege Escalation ", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:17:54", "description": "The remote host is missing AIX Critical Security Patch number IY45329\n(SECURITY: Format string vulnerability in /usr/bin/enq and).\n\nYou should install this patch for your system to be up-to-date.", "edition": 22, "published": "2004-08-27T00:00:00", "title": "AIX 5.2 : IY45329", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1018"], "modified": "2004-08-27T00:00:00", "cpe": [], "id": "AIX_IY45329.NASL", "href": "https://www.tenable.com/plugins/nessus/14414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(14414);\n script_version(\"1.12\");\n script_cve_id(\"CVE-2003-1018\");\n script_bugtraq_id(9254);\n name[\"english\"] = \"AIX 5.2 : IY45329\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing AIX Critical Security Patch number IY45329\n(SECURITY: Format string vulnerability in /usr/bin/enq and).\n\nYou should install this patch for your system to be up-to-date.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www-912.ibm.com/eserver/support/fixes/\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for patch IY45329\"; \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"AIX Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\");\n exit(0);\n}\n\n\n\ninclude(\"aix.inc\");\n\n if( aix_check_patch(release:\"5.2\", patch:\"IY45329\", package:\"bos.rte.printers.5.2.0.11\") < 0 ) \n security_hole();\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:17:54", "description": "The remote host is missing AIX Critical Security Patch number IY46255\n(SECURITY: Format string vulnerability in /usr/bin/enq and).\n\nYou should install this patch for your system to be up-to-date.", "edition": 22, "published": "2004-08-27T00:00:00", "title": "AIX 5.1 : IY46255", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1018"], "modified": "2004-08-27T00:00:00", "cpe": [], "id": "AIX_IY46255.NASL", "href": "https://www.tenable.com/plugins/nessus/14420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(14420);\n script_version(\"1.12\");\n script_cve_id(\"CVE-2003-1018\");\n script_bugtraq_id(9254);\n name[\"english\"] = \"AIX 5.1 : IY46255\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing AIX Critical Security Patch number IY46255\n(SECURITY: Format string vulnerability in /usr/bin/enq and).\n\nYou should install this patch for your system to be up-to-date.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www-912.ibm.com/eserver/support/fixes/\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for patch IY46255\"; \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"AIX Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\");\n exit(0);\n}\n\n\n\ninclude(\"aix.inc\");\n\n if( aix_check_patch(release:\"5.1\", patch:\"IY46255\", package:\"bos.rte.printers.5.1.0.52\") < 0 ) \n security_hole();\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
